Slashdot Mirror


OpenSSL Security Update

Pseud0 writes "Just announced on the OpenSSL announce mailing list. The affected versions are "[...] OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable." Get your updates here."

8 of 208 comments (clear)

  1. another victory for Open Source! by tps12 · · Score: -1, Troll

    Notice how with Free Software we get the security notice and the fix for it at the same time. Thanks to "many eyes," no sooner is a flaw detected than it is patched up! Meanwhile, Micro$oft covers up its security holes and then denies they exist when servers start getting rooted (or Administratored, rather). If there were any justice in the world, Apache would be walking all over IIS, rather than the other way around. This is the kind of thing that keeps me coming back to Linux year after year (I always reserve Good Friday for an "upgrade" to the latest Linux). With Linux on my servers and even my desktop (I find DVD menus distracting, don't play games, and never print in color, so this is acceptible), I know I can always count on being safe, stable, and secure.

    --

    Karma: Good (despite my invention of the Karma: sig)
    1. Re:another victory for Open Source! by Anonymous Coward · · Score: -1, Troll
  2. GPL'ed software cannot link to OpenSSL by Anonymous Coward · · Score: -1, Troll

    To anyone considering using openssl in their project you should be aware that it violates the GPL.

    Openssl is subversive.

  3. Re:Brits and their disgusting teeth by Anonymous Coward · · Score: -1, Troll

    the whole bunch of europe seem to think that white teeth are a disgrace, something to be ashamed of. there's chinks over in chink-land that dye their teeth black for that reason. stupid fucking animals, i hope bush just get"S get up and melts the whole country of europe OFF THE MAP! !!! YOU SMELLY FUCKS!

  4. I got laid last night...... by Anonymous Coward · · Score: -1, Troll

    Yeah, and the night before.. It was great.. Mmmm mmmmm.. having that cock slide between my butt cheeks was su-per du-per good. Thanks Taco...

    BTW- Now I know why he calls himself Taco- his manhood smells like one after it's been on the counter for a day in a hot Alabama summer- nice 'n stinky..

  5. WTF?!?!?! by Anonymous Coward · · Score: 0, Troll

    Listen Michael,

    If you are going to post something like this, then I think you should basically be man enough to mirror using your own website or use Slashdot to mirror the new OpenSSL sources and binaries.

    Its completely insane, and thoughtless.. That Slashdot becomes a source of DDOS-like actions against IMPORTANT security advisories and downloads.

    Now thanks to Slashdot and yourself, there is a bunch of servers that are completely left wide open now to this risk. And why?!?! Cause, we can't even access the website, due to /..

    This has been going on for way to long, and I think that Slashdot should owe up to the responsibility of being able to host the files, or stop posting articles in regards to them, till at least a week after the initial announcement.

    Ohh boy.. "I was h4x0r3d due to OpenSSL being /."

  6. OpenSSL is incompatable with GPL'ed projects by Anonymous Coward · · Score: -1, Troll

    To anyone considering using openssl in their project you should be aware that it violates the GPL.

    Read the FAQ at openssl and it says that the GPL holders need to give a special exemption to allow there code to link to openssl.

    Very few project do this and thus are in violation of the GPL and there project cant legally be distributed.

    It has been discussed at lenght on the debian-legal mailing lists if you want technical details.

    Openssl is subversive, basically you can do what you want with it with the exception of using it with a GPL'ed product.

    Say no to Openssl, use GNUTLS

  7. MOD THIS POST DOWN YOU FUCKTARD by Anonymous Coward · · Score: -1, Troll

    Gewd morning lady and geeks, you are now entering... TRoLL TEWSDAE (like a sundae but on a tuesdae). Be prepared for insults, porn, crapfloods, and of course Taco's favorite: hot fudge.

    Troll had declined during the past few weeks, but a call to action has increased not only the frequency of trolling, but also the quality of said trolling. We have gone from spreading FUD to making fun of open sores fucktards who have been doing our job for us. goddamnit if you're gonna troll, troll. But don't fucking go spreading FUD like you mean it, because that just makes you look like Bill Gates and you wouldn't want to have anything to do with the worlds wealthiest man now would you? No, I suppose not, but for your own fucking good, please PLEASE associate yourself with a bar of soap and a good deoderant (I use Sure(tm) myself, so be Sure to be dry)...

    What does this vulnerability mean to you? Well, if you use lunix like many other worthless wastes of carbon and oxygen do, you will have to patch your systems to make yourselves feel worthwhile, due to your lack of pigment, penile length, or a respectable vehicle. No, it isn;t cool to drive a 1988 Subaru wagon, no matter what C++ for dummies said.

    Rather than patching this security hole, you may want to consider some of the following:

    - Going outside. Nature is a wonderful thing and I promise it won't kill you. I cannot, however, promise that a rabid troll will not kill you with a baseball bat or a meat hook.

    - Using Windows. Hey, you may THINK it's not a cool as lunix, but once you realize there is more to life than constantly reading bugtraq to protect your 200 Mhz lunix box from those people who want to hack you over your AOL connection, you might just get the urge to make a phone call TO A FEMALE MEMBER OF THE FEMALE SEX WHO IS FEMALE.

    - Get a girlfriend. Girls who use lunix don't count, as they are barren whores who should be shot.

    Most importantly:

    G to the oatse
    C to the izzex
    fo shizzle my nizzle, jamie@ieatratshitthenieatsomemoneyshit.vg is a shit-eating cock handling fucktard.