blitz-krieg Posted May 6, 2014 Share Posted May 6, 2014 hiquick question about the heartbleed bugif you had murmur (server) running with a vulnerable version of openssl could the connecting clients (running with a none vulnerable version of openssl) have had there certificate revealed to any potential attacker? http://blog.mumble.info/wp-uploads/2014/04/heartbleed.pngany reply would be greatly appreciated/blitz-krieg Quote Link to comment Share on other sites More sharing options...
Administrators kissaki Posted May 6, 2014 Administrators Share Posted May 6, 2014 We ourselves never distributed vulnerable versions.If you built against a vulnerable version of OpenSSL or use a distro that did so, yes, I guess so. Quote Link to comment Share on other sites More sharing options...
blitz-krieg Posted May 6, 2014 Author Share Posted May 6, 2014 We ourselves never distributed vulnerable versions.If you built against a vulnerable version of OpenSSL or use a distro that did so, yes, I guess so. thanks for answeringyeah i now i read the message in your bloggi used the package available in debian stable (wheezy) which if im not mistaking used a vulnerable version of openssl.time for some certificate revocation i guess/blitz-krieg Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.