Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 08 Apr 2014 21:59:33 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: Other instances of CVE-2014-0160 - mod_spdy from Google

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So it appears there are projects that statically compile OpenSSL into
their software, one example:

https://code.google.com/p/mod-spdy/

SECURITY UPDATE (8 Apr 2014): All mod_spdy users should upgrade to
mod_spdy 0.9.4.2 immediately to fix the heartbleed bug in mod_spdy's
linked version of OpenSSL. See
https://code.google.com/p/mod-spdy/issues/detail?id=85  for details.

./src/build_modssl_with_npn.sh:OPENSSL_SRC_TGZ_URL="https://www.openssl.org/source/openssl-1.0.1g.tar.gz"

I have to assume there are more. So if you know of any please post
them to OSS-Security (and Full-Disclosure) so people can find out (and
hopefully all the security scanners/etc. add them to their checks).


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTRMWkAAoJEBYNRVNeJnmTHeYP/2YybedrcK44gVPbufMylfX5
Z7pFPssxxTOC7yhiYC3u5GrTT3HOPXSt6AGKBPLPF/ZE+XZZVHXU9L2Xjhj/2f+y
5UICiVDQRmeSwV3E0bA87nw/TB9ofA5yVy5xmJLwBpHi9sH5BNC0Kh/8rDNGBv0b
j9+MkPYHDMgHr+GoXKS9UbGP+GXcbOy3zY+/HJwKgZe1TGK4u3nm2Vb6gNAkebjy
W8AWGhAsH5AV2RxZGLYV8UZPKWEi4qSbABNR75slMhEucr3dwyJswPdOkppbi9Sh
VBEOHM69VWANKFKYB0bxrEcOqch5V1LYJZY/tlkJdZj43YyJAB6Jmz4xDQ3UvZyU
/lVpkU/k3OHksSKa0Xx85YJIyhGMs2NTKJBg6hN0TJrXn84/MgQlVRQp1GfiW9sy
g83IMzkmCznP1uIEv5vHrIP9Nq2IcefoCS1PTNNm36g2hJXEECcI+EaCt214fHcd
XyUdqQM9q60BSSfPSwxrcz4HtL9CceOqGaBSPEuST7BRh4TqpxvULDFKPL4friEM
GvsoNvj33bc1aBBQcFi7R9SfUFSIHcMAo293oMTXctuDi1HPQ8+vIuD5InWEQ4u7
/ZY0ukrlvKJiIW6wTrsRdkANAPl8j1fhQz8cFjeKA/m2Yq/yUKmqQKs4xy9CEFsy
PBrE3ZVLzBOiIS9idhXn
=hQHV
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ