FNAL Critical Vulnerability - OpenSSL 1.0.1 through 1.0.1f

Effective Date: Apr 10 2014
Product: OpenSSL 1.0.1 through 1.0.1f
Platform: Linux, *BSD

The OpenSSL cryptographic library contains a bug allowing exposure of information. This library is used in web protocols to encrypt traffic and protect data (for example, banking and credit card data, web authentication, and email). This bug allows an attacker to effectively eavesdrop on communications, steal data directly from services and users, and impersonate services and users. OpenSSL is also used in other programs/services, such as email clients, instant messaging, and virtual private networks. Fortunately, there are patches available.

If you run a Fermilab webserver you must:
- Patch to OpenSSL 1.0.1g at a minimum and restart SSL-enabled services

If the service is exposed to the Internet, this must be patched by April 10th. If it is internal (that is, accessible only from Fermilab), it must be patched by April 30th.
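
To confirm both halves of the requirement above (library patched, SSL-enabled services restarted), the following script is an added example, not Fermilab's own tooling. Its function names are hypothetical, and the restart check assumes a Linux /proc filesystem, so it does not cover *BSD.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the advisory.

# Extract the version token from `openssl version` style output,
# e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013" -> "1.0.1e".
parse_openssl_version() {
    printf '%s\n' "$1" | awk '$1 == "OpenSSL" { sub(/-.*/, "", $2); print $2; exit }'
}

# Return 0 if the upstream version string is in the range the advisory
# names (1.0.1 through 1.0.1f); 1.0.1g and anything else returns 1.
# Limitation: only the version string is read, so a vendor package that
# backports the fix without changing the string still reports as affected.
is_affected_version() {
    case "$1" in
        1.0.1|1.0.1[a-f]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print PIDs that still map a libssl/libcrypto file that was deleted from
# disk, i.e. processes not restarted since the library was replaced.
# $1 is the proc root (default /proc); a parameter so it can be tested.
stale_libssl_pids() {
    root="${1:-/proc}"
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq 'lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            printf '%s\n' "${pid##*/}"
        fi
    done
}

# Report on the local host: library version first, then unrestarted services.
check_host() {
    ver=$(parse_openssl_version "$(openssl version 2>/dev/null)")
    if is_affected_version "$ver"; then
        echo "AFFECTED: OpenSSL $ver; patch to 1.0.1g at a minimum"
    else
        echo "OpenSSL ${ver:-not found}: not in 1.0.1 through 1.0.1f"
    fi
    for pid in $(stale_libssl_pids); do
        echo "RESTART NEEDED: pid $pid still maps a replaced libssl/libcrypto"
    done
}

if [ "${1:-}" = "--check" ]; then check_host; fi
```

Run it as root with `--check` so that the maps files of all processes are readable; a service linked statically against OpenSSL will not appear in the restart check.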

For assistance contact servicedesk@fnal.gov.
Information compiled and maintained by Computer Security Team; last modified on Oct 5, 2012.
(Address comments about page to the Computer Security Team.)