Slashdot Mirror


Multiple Vulnerabilities in OpenSSL

gfilion writes "Updated versions of OpenSSL are now available which correct two security issues: A null-pointer assignment during SSL handshake and an out-of-bounds read that affects Kerberos ciphersuites. Full advisory available on OpenSSL site and US-CERT."

4 of 274 comments

  1. Yea, yea... by Anonymous Coward · · Score: -1, Flamebait

    OMG TEH LINUX ISN'T 110% UBER-SECURE. We know. Yea, the patch was released almost immediately, we know that too.

    Carry on.

  2. Re:Non-Exploitable Security DOS Exploit by Canberra+Bob · · Score: 2, Flamebait

    Yes, but *BSD takes security in general a lot more seriously.

    Rather than racing around trying to be all things to all people, the *BSD developers concentrate on what they are good at: developing a darn good server OS.

    For your average Linux user, this will be treated as a nuisance that interrupts them trying to get the latest unstable kernel compiled; for your average *BSD user, this is important stuff that affects the security of their IT infrastructure.

  3. I concur! by Anonymous Coward · · Score: -1, Flamebait

    I concur, we should force OpenSSL to port to Java. Or at the very least, put in a requirement on Hardened GCC!

  4. Re:They are if you just got hacked... by Anonymous Coward · · Score: -1, Flamebait


    Nowhere did he say this had to do with the most recent patch. If people would stop and READ what someone writes instead of getting all defensive when they see owned/exploited/security/linux in one sentence, maybe people would start to take Linux users seriously.


    LOL, you fucking cock in ass troll piece of shit. The OP implied a causal relation between leaving SSH open and an exploit. Maybe you should read SHIT FOR BRAINS: he said that he installed the newest Mandrake. Given the fact that SSH has not had any remote auth vulnerability in MONTHS, we can only conclude that his SSH was not to blame you fucking turd. He probably had weak passwords.

    About taking "Linux users" seriously, I have been some level of a *nix sysadmin for about 10 years, and I have never seen the need to be taken seriously. Life is too short for me to care about myself or fellow Linux users being taken seriously. Sorry, not everyone needs a product like Windows or Linux to validate their existence, like you seem to. Go back to playing Everquest little boy. Hopefully you'll do the world a favor and off yourself.