[stunnel-users] Bleedingheart Bug in OpenSSL
Kevin A. McGrail
KMcGrail at PCCC.com
Thu Apr 10 12:58:31 CEST 2014
Replacing openssl and the certs should be an effective patch. You can always check by running ldd against the stunnel binary to confirm it is linking to a specific SSL library.
There is also some consideration that you must assume systems were compromised and snooped and change all passwords as well...
Koenraad Lelong <stunnel at ace-electronics.be> wrote:
>op 10-04-14 12:15, Koenraad Lelong schreef:
>> op 08-04-14 16:58, Burak Say schreef:
>>> When do you think you can release a patch to use OpenSSL 1.0.1g
>>> of 1.0.1f?
>> I would like to know if I'm safe when I installed the latest
>> openssl-libraries comming from ubuntu (for 12.04LTS). Or do I need to
>> update stunnel also ? The ubuntu package for the latest stunnel seems
>> unavailable right now.
>I just thought of looking in the package-manager. This says stunnel
>depends on libssl1.0.0 (installed 1.0.1-4ubuntu5.12) and on openssl
>So I presume I can generate new certificates.
>stunnel-users mailing list
>stunnel-users at stunnel.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the stunnel-users