Léa-Linux & amis :   LinuxFR   GCU-Squad   Zarb.Org   GNU
Archive de la liste aide - [Aide] faille openssl
Ca semble à jour:  puisque cela concerne bien la CVE-2014-0160

https://blog.cloudflare.com/staying-ahead-of-openssl-vulnerabilities
http://www.openssl.org/news/vulnerabilities.html#2014-0160

=== pour vérifier:

aptitude changelog openssl|head -20

Prendre :  Changelog of openssl
openssl (1.0.1e-2+deb7u5) wheezy-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Add CVE-2014-0160.patch patch.
    CVE-2014-0160: Fix TLS/DTLS hearbeat information disclosure.
    A missing bounds check in the handling of the TLS heartbeat extension
    can be used to reveal up to 64k of memory to a connected client or
    server.

 -- Salvatore Bonaccorso <carnil at debian.org>  Mon, 07 Apr 2014 22:26:55 +0200

openssl (1.0.1e-2+deb7u4) stable; urgency=medium

  * enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447)
  * Enable assembler for the arm targets, and remove armeb.
    Patch by Riku Voipio <riku.voipio at iki.fi> (Closes: #676533)

 -- Kurt Roeckx <kurt at roeckx.be>  Sat, 01 Feb 2014 21:25:20 +0100

===

Serveur hébergé par ST-Hebergement et Lost-Oasis / IRC hébergé par FreeNode / NS secondaire hébergé par XName
Sauf mention contraire, les documentations publiées sont sous licence Creative-Commons