Slashdot Mirror


Multiple Vulnerabilities in OpenSSL

gfilion writes "Updated versions of OpenSSL are now available which correct two security issues: A null-pointer assignment during SSL handshake and an out-of-bounds read that affects Kerberos ciphersuites. Full advisory available on OpenSSL site and US-CERT."

20 of 274 comments

  1. Let's be like M$... by barfarf · Score: 4, Funny
    I think we should be like Microsoft and not tell anyone about it until it's already patched.

    ... oh, wait....

    1. Re:Let's be like M$... by Trejkaz · Score: 4, Funny

      But remember, according to Microsoft the exploits can't exist until after the patch is released anyway.

      --
      Karma: It's all a bunch of tree-huggin' hippy crap!
  2. They can only cause my servers to crash by Anonymous Coward · Score: 0, Funny

    which they do regularly anyway, thanks to cheap-ass Fry's RAM, ECS motherboards that cost $19.95, and republican style electricity service.

    I'll update when I feel like it.

  3. Re:3 actually by Anonymous Coward · Score: 4, Funny

    Let me summarize this whole thread so we don't waste any time:

    Microsoft fans - "see, Linux/FOSS have security issues too"

    Linux fans - "yeah, but we fixed this right away. If this was Microsoft, we would have been waiting for months"

    Repeat again and again..

    Next topic please..

  4. Bullshit... by Anonymous Coward · Score: 4, Funny
    Everything is fine, firewall is quiet, and I don't think a single box wiL#%*#AT+H+H[NO CARRIER]

  5. Re:Patch updates are NOT news by pompousjerk · Score: 5, Funny

    I'm betting that there are a large number of sysadmins who pay more attention to /. than they do to keeping systems up to date.

  6. Re:Uhh by Anonymous Coward · Score: 2, Funny

    And a dog doesn't need slashdot to tell him where the nearest bone is buried.

    Point being: slashdot isn't news for good admins. It's news for nerds that are hopelessly wrapped up in battle between Open Source and the evil Micro$haft corporation that they fabricated to bring some drama to their dreary lives.

    Hellooooo -1 country!

  7. Re:3 actually by smittyoneeach · Score: 3, Funny

    You're flying too low to see the us/them dichotomy going on, boss.

    --
    Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
  8. Re:3 actually by Anonymous Coward · Score: 2, Funny

    hate to troll either but all the Microsoft fans on slashdot are Microsoft Employees. I know this because I am one. I am too ashamed to admit it in public but hey, the pay is great.

  9. For the love of god by Anonymous Coward · Score: 5, Funny
    Please let the 'no proble...[NO CARRIER]' joke die. It is less funny than recursive acronyms, number representation wackiness, or 'yet another' names for programs.

    Okay, maybe not less funny - but just as unfunny.

  10. Re:They are if you just got hacked... by Anonymous Coward · Score: 2, Funny

    It puts the patches on the server, or else it gets the hose again.

  11. Re:before the trolls start... by doomy · Score: 4, Funny
    Yes, but when MS has OpenBSD's track record, you can compare.

    This just out from MSFT:
    Only one remote hole in Windows XP, since yesterday.
    --
    ...free your source and the rest would follow...
  12. old news by Anonymous Coward · Score: 1, Funny

    I patched this like ten hours ago.

  13. Re:Non-Exploitable Security DOS Exploit by Anonymous Coward · Score: 1, Funny

    You're such a dork.

  14. Re:3 actually by fermion · Score: 5, Funny
    Anyway we all know the problem isn't MS, the problem is C. It is such a 1970 type of language. Back when programmers were randomly jumping from place to place, casting memory as whatever type of data pleased them, recasting the data in function calls, copying blocks of data without a care of whether the blocks really existed, and, in this case, assigning NULL pointers all willy nilly. I mean really. No programmer educated in the past 15 years actually has the skill to remember that the void pointer pointer which in the last call has the value of the beginning of a three dimensional array, now points to the beginning of four dimensional array, which, of course, is complicated by the fact that such beasts only exist in the mind of the programmer, and not in any specific language construct, pointer math being one of those fictional things beat into the heads of the unfortunate programmers trained 20 years ago. And let's not even talk about the infinite loop idiom.

    Anyway, we need to rewrite the entire thing in the elegant languages of the 21st century. I suggest this

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
  15. DONT FIX by ocularDeathRay · Score: 1, Funny

    Whatever you do... don't release a patch for these problems anymore.. I hear from an "industry leader" that exploits only happen after a patch is released.

    better safe than sorry!!!

    *CHANTING*
    "JUST GIVE HUGS... don't fix bugs!"
    "START FROM SCRATCH... don't release that patch!"
    and...so on

    --
    Obama is a twitter sock puppet
  16. Re:Non-Exploitable Security DOS Exploit by idiotnot · Score: 2, Funny

    Another trolling gentoo user...gotta love it.

    cvsup....

    cd /usr/src/crypto/openssl
    make
    make install

  17. Re:3 actually by myowntrueself · Score: 2, Funny

    I've often thought that refactoring the Linux kernel in Haskell would be rather nice.

    C is the devil's tool.

    --
    In the free world the media isn't government run; the government is media run.
  18. Re:Non-Exploitable Security DOS Exploit by Anonymous Coward · Score: 1, Funny

    Instead we wait for the more mainstream outlets like ./ to report the problem.

    If you have time to waste on slashcrap, you have time to keep abreast of things that affect your OS.

    Most of the comments here are a total waste of time.

    Like this one ;-)

  19. Scary AND funny! by veddermatic · Score: 3, Funny

    When an OSS / Linux / BSD / OS X / something other than Windows flaw is found, it's serious.

    It really is. You need to take it seriously and fix it. ASAP. Hopefully, most folks who run said OSes are paying attention, and will do what they need to do to secure the flaw.

    That said, every time anyone uses Outlook to read email, the above looks really, really good.

    --
    Department of Homeland Security: Removing the rights real patriots fought and died for since 2001