[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] More OpenSSL issues

To: Jordan Urie <jordan@xxxxxxxxx>, fulldisclosure@xxxxxxxxxxxx
Subject: Re: [FD] More OpenSSL issues
From: P Vixie <paul@xxxxxxxxxxx>
Date: Fri, 06 Jun 2014 00:35:17 -0700

This does not appear to be the same panic level as the previous patch. In other 
words the previous openssl vuln was worse than the instability of all-night 
patching. This one is not. Take time to roll out right.

On June 5, 2014 7:51:50 AM PDT, Jordan Urie <jordan@xxxxxxxxx> wrote:
>Ladies and Gentlemen,
>
>https://www.openssl.org/news/secadv_20140605.txt
>
>There's an MITM in there, and a potential for buffer over-runs.
>
>Patch up :-)
>
>
>Jordan
>
>--
>
>Jordan R. Urie
>
>UP Technology Consulting, Inc.
>1129 - 177A St. SW
>Edmonton, AB  T6W 2A1
>Phone: (780) 809-0932
>
>www.uptech.ca
>
>_______________________________________________
>Sent through the Full Disclosure mailing list
>http://nmap.org/mailman/listinfo/fulldisclosure
>Web Archives & RSS: http://seclists.org/fulldisclosure/

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Follow-Ups:
- Re: [FD] More OpenSSL issues
  - From: Craig Young

References:
- [FD] More OpenSSL issues
  - From: Jordan Urie

Prev by Date: Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed]
Next by Date: [FD] SEC Consult SA-20140606-0 :: Multiple critical vulnerabilities in WebTitan
Previous by thread: Re: [FD] More OpenSSL issues
Next by thread: Re: [FD] More OpenSSL issues
Index(es):
- Date
- Thread