[stunnel-users] Bleedingheart Bug in OpenSSL
Kevin A. McGrail
KMcGrail at PCCC.com
Thu Apr 10 12:58:31 CEST 2014
Replacing openssl and the certs should be an effective patch. You can always check by running ldd against the stunnel binary to confirm it is linking to a specific SSL library.
There is also some consideration that you must assume systems were compromised and snooped and change all passwords as well...
Regards,
KAM
Koenraad Lelong <stunnel at ace-electronics.be> wrote:
>op 10-04-14 12:15, Koenraad Lelong schreef:
>> op 08-04-14 16:58, Burak Say schreef:
>>> Hello,
>>>
>>> When do you think you can release a patch to use OpenSSL 1.0.1g
>instead
>>> of 1.0.1f?
>>>
>>
>> Hi,
>>
>> I would like to know if I'm safe when I installed the latest
>> openssl-libraries comming from ubuntu (for 12.04LTS). Or do I need to
>> update stunnel also ? The ubuntu package for the latest stunnel seems
>> unavailable right now.
>>
>> Regards,
>>
>> Koenraad.
>
>I just thought of looking in the package-manager. This says stunnel
>depends on libssl1.0.0 (installed 1.0.1-4ubuntu5.12) and on openssl
>(installed 1.0.1-4ubuntu5.12).
>So I presume I can generate new certificates.
>
>Koenraad.
>
>_______________________________________________
>stunnel-users mailing list
>stunnel-users at stunnel.org
>https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20140410/c0d911f9/attachment.html>
More information about the stunnel-users
mailing list