[tor-talk] Tor and Openssl bug CVE-2014-0160
Geoff Down
geoffdown at fastmail.net
Tue Apr 8 01:56:06 UTC 2014
On Tue, Apr 8, 2014, at 12:17 AM, Roger Dingledine wrote:
> A new OpenSSL vulnerability on 1.0.1 through 1.0.1f is out today,
> which can be used to reveal up to 64kB of memory to a connected client
> or server.
>
> https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
>
> The short version is: upgrade your openssl (unless you're running an
> old one), and also more packages coming soon.
>
> --Roger
So this is the openssl *binary*, the version of which is found by typing
openssl version
not some library used when compiling Tor?
If the latter, how do we find the version?
GD
--
http://www.fastmail.fm - Access all of your messages and folders
wherever you are
More information about the tor-talk
mailing list