Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Submission + - OpenSSL to Release Emergency Security Patch on Thursday (openssl.org)

An anonymous reader writes: The OpenSSL project has announced that it will release a security update for all supported branches on Thursday. Noteworthy is that among the patches will be one for the OpenSSL 1.0.2 branch that is marked as HIGH risk, such as a Heartbleed style vulnerability that has affected OpenSSL before.

Comment Re:Wow, apt is faster than slashdot (Score 3, Informative) 60

Debian and many other GNU/Linux distros tend to backport patches rather than updating to the new upstream release directly. That's because upstream releases often include other changes that might disrupt the way users use the software. Debian may also include a number of local patches in their version and these might break when rebasing onto a new version. So when they backport a patch they typically don't update the version number except for the last part, in this case the -6 at the end which is a Debian add-on. So it's the sixth Debian patch to the 7.1p1 upstream release that you have there, not 7.1p1 as released by upstream.

Comment Re:...and when you scroll all the way to the botto (Score 3, Informative) 60

“Its exploitation requires two non-default options: a ProxyCommand, and either ForwardAgent (-A) or ForwardX11 (-X),” Qualys said. “This buffer overflow is therefore unlikely to have any real-world impact.”

99.9% of all *nix servers on the planet with SSH on them do not use either option. Good that they patched it, but otherwise, I don't think I'm going to be in a massive hurry to do a crash-patching this weekend.

It's a client-side bug, and both agent and X11 forwarding are fairly common there.

Slashdot Top Deals

Business will be either better or worse. -- Calvin Coolidge