15 Apr
2014
15 Apr
'14
7:46 a.m.
On Apr 15, 2014, at 10:20 AM, geneb <geneb at deltasoft.com> wrote:
On Mon, 14 Apr 2014, Dan Gahlinger wrote:
The documentation about the issue makes it clear that it exists in OpenSSL 1.0.1x for x
< ?g? and 1.0.2y for some y I don?t remember. It does not exist in OpenSSL 1.0.0 or
earlier. So you can look at the version in those platforms and find the answer.
If you have a bad version, you can upgrade to a good one, or turn off the bug by
recompiling with a preprocessor definition that turns off the offending code.
paul
If you haven't heard about the openssl
exploit yet, you haven't been reading the news
I'm just wondering if it applies to openvms (or alpha) or other classic systems?
And if it does, is there going to be a bugfix for this?
Dan, it's my understanding that the bug that caused this exploit path was
introduced in 2011.