[Twisted-Python] Security Advisory: OpenSSL 1.0.1g

Alex Gaynor alex.gaynor at gmail.com
Mon Apr 7 17:44:25 MDT 2014


Today a `security release of OpenSSL`_ was issued, fixing a critical
vulnerability. This vulnerability allows a malicious client or server to read
up to 64KB of memory out of the remote machine, potentially compromising any
secrets within the process, including things like TLS private certificates.

This issue does not affect Twisted directly, but will affect many users of
Twisted.

Any machine which is serving traffic over TLS, or which is making outgoing TLS
connections, should upgrade its version of OpenSSL immediately.

This issue has been assigned CVE-2014-0160.

A `complete description of the bug is also available`_.

New packages have been issued for the following operating systems:

* `Debian`_
* `Ubuntu`_

.. _`security release of OpenSSL`:
    https://www.openssl.org/news/secadv_20140407.txt
.. _`complete description of the bug is also available`: http://heartbleed.com
.. _`Debian`: https://www.debian.org/security/2014/dsa-2896
.. _`Ubuntu`: http://www.ubuntu.com/usn/usn-2165-1/



