[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor and Openssl bug CVE-2014-0160




On Tue, Apr 8, 2014, at 12:17 AM, Roger Dingledine wrote:
> A new OpenSSL vulnerability on 1.0.1 through 1.0.1f is out today,
> which can be used to reveal up to 64kB of memory to a connected client
> or server.
> 
> https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
> 
> The short version is: upgrade your openssl (unless you're running an
> old one), and also more packages coming soon.
> 
> --Roger

So this is the openssl *binary*, the version of which is found by typing
 openssl version
not some library used when compiling Tor?
 If the latter, how do we find the version?
GD

-- 
http://www.fastmail.fm - Access all of your messages and folders
                          wherever you are

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk