Open SSL 1.01 to 1.01f vulnerable

[pedropt]

nothing is secure , tha we already knew .
also many versions of linux distributions are vulnerable to this issue .

more information on this subject in :
http://www.heartbleed.com

do not panic , the new version is already avaliable at openssl.com but it may take 1 day or 2 until be avaliable with apt-get update .

if you want to update to version 1.01g now the open a terminal and copy all these commands to there :

cd /
cd tmp
wget http://www.openssl.org/source/openssl-1.0.1g.tar.gz
tar -xzvf openssl-1.0.1g.tar.gz
cd openssl-1.0.1g
make
make install

you have just updated your ssl

[blackMORE]

We just finished implementing this fix in 95 servers irrespective they using SSL or public facing or not. I suggest others to check their F5's to confirm vuln. As far I am aware, 10.1 below and 11.5 is vuln.

[g0tmi1k]

The Kali-Linux repo is synced automatically 4 times a day with Debian.

Debian have pushed out a patch (apt-get update && apt-get install openssl), so this means all Kali users will also get it.

Code:

root@kali ~$ dpkg -l | grep openssl
ii  libcrypt-openssl-bignum-perl                                0.04-3                             i386         Access OpenSSL multiprecision integer arithmetic libraries
ii  libcrypt-openssl-rsa-perl                                   0.28-1                             i386         module for RSA encryption using OpenSSL
ii  libevent-openssl-2.0-5:i386                                 2.0.19-stable-3                    i386         Asynchronous event notification library (openssl)
ii  libgnutls-openssl27:i386                                    2.12.20-8+deb7u1                   i386         GNU TLS library - OpenSSL wrapper
ii  openssl                                                     1.0.1e-2+deb7u6                    i386         Secure Socket Layer (SSL) binary and related cryptographic tools
ii  python-openssl                                              0.13-2+deb7u1                      i386         Python 2 wrapper around the OpenSSL library
root@kali ~$

Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:

Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4

Source: http://heartbleed.com/


The current version is: 1.0.1e-2+deb7u6.
The vulnerable is: 1.0.1e-2+deb7u4
For more information: http://www.debian.org/security/2014/dsa-2896


Its highly recommend that you stick to the repo, rather than compiling it yourself.
For reasons why: http://www.kali.org/kali-monday/blee...-repositories/