On Tue, Apr 08, 2014 at 10:35:24PM -0700, Jonathan Ryshpan wrote: > On Tue, 2014-04-08 at 10:55 +0100, Patrick O'Callaghan wrote: > > https://www.openssl.org/news/secadv_20140407.txt > > > > See also http://heartbleed.com/ and > > http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/ > > > > This is potentially very serious and can cause leakage of private keys > > and other information. > > > > The current version of OpenSSL on Fedora (standard repos and Koji) is > > 1.0.1e, which has this vulnerability. An upgrade to 1.0.1g should be > > provided urgently. > > There's a front page article in the NY Times about this, first time ever > seen an article there about a technical subject. > > It's an interesting question why Net infrastructure code continues to be > written in C, a language that provides no automatic checks for buffer > overflow, which (if I understand right) is the opening for this security > breach, along with so many others. And why is the code run on hardware > that provides no such checks? There have been languages and system that > check for overflow available for 40 years. Why doesn't anyone use them? > > jon NPR is just this moment airing a story about this leak. -- ---- Fred Smith -- fredex@xxxxxxxxxxxxxxxxxxxxxx ----------------------------- The Lord detests the way of the wicked but he loves those who pursue righteousness. ----------------------------- Proverbs 15:9 (niv) ----------------------------- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org