CERT mailing list archives
OpenSSL 'Heartbleed' Vulnerability
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Tue, 08 Apr 2014 06:09:04 -0500
NCCIC / US-CERT National Cyber Awareness System: OpenSSL 'Heartbleed' Vulnerability [ https://www.us-cert.gov/ncas/current-activity/2014/04/08/OpenSSL-Heartbleed-Vulnerability ] 04/08/2014 06:51 AM EDT Original release date: April 08, 2014 A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension. This may allow an attacker to decrypt traffic or perform other attacks. OpenSSL version 1.0.1g resolves this vulnerability. The 1.0.0 and 0.9.8 branches are not vulnerable. US-CERT recommends users and administrators review Vulnerability Note VU720951 [ http://www.kb.cert.org/vuls/id/720951 ] for additional information and mitigation details. ________________________________________________________________________ This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ http://www.us-cert.gov/privacy/ ] policy. ________________________________________________________________________ OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- OpenSSL 'Heartbleed' Vulnerability US-CERT (Apr 08)