blitz-krieg Posted May 6, 2014 Share Posted May 6, 2014 hiquick question about the heartbleed bugif you had murmur (server) running with a vulnerable version of openssl could the connecting clients (running with a none vulnerable version of openssl) have had there certificate revealed to any potential attacker? http://blog.mumble.info/wp-uploads/2014/04/heartbleed.pngany reply would be greatly appreciated/blitz-krieg Link to comment Share on other sites More sharing options...
Administrators kissaki Posted May 6, 2014 Administrators Share Posted May 6, 2014 We ourselves never distributed vulnerable versions.If you built against a vulnerable version of OpenSSL or use a distro that did so, yes, I guess so. Link to comment Share on other sites More sharing options...
blitz-krieg Posted May 6, 2014 Author Share Posted May 6, 2014 We ourselves never distributed vulnerable versions.If you built against a vulnerable version of OpenSSL or use a distro that did so, yes, I guess so. thanks for answeringyeah i now i read the message in your bloggi used the package available in debian stable (wheezy) which if im not mistaking used a vulnerable version of openssl.time for some certificate revocation i guess/blitz-krieg Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now