Gentoo Archives: gentoo-user

From:	walt <w41ter@×××××.com>
To:	gentoo-user@l.g.o
Subject:	[gentoo-user] Re: 'Heartbleed' bug
Date:	Thu, 10 Apr 2014 22:56:16
Message-Id:	`li77hc$fko$1@ger.gmane.org`
In Reply to:	[gentoo-user] 'Heartbleed' bug by Joseph

1	On 04/09/2014 05:06 PM, Joseph wrote:
2	> Is gentoo effected by this new 'Heartbleed' bug?
3	>
4	> "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library...."
5	>
6	> http://heartbleed.com/
7
8	This topic was discussed in my favorite podcast, http://twit.tv/sn
9
10	Steve Gibson explained that the heartbeat feature was introduced in openssl to
11	allow UDP connections to mimic the 'keepalive' function of the TCP protocol.
12
13	IIRC Steve didn't explain how UDP bugs can compromise TCP connections.
14
15	Anyone here really understand the underlying principles? If so, please explain!
16
17	Thanks.

Subject	Author
Re: [gentoo-user] Re: 'Heartbleed' bug	Alan McKinnon <alan.mckinnon@×××××.com>
Re: [gentoo-user] Re: 'Heartbleed' bug	Matthew Finkel <matthew.finkel@×××××.com>
Re: [gentoo-user] Re: 'Heartbleed' bug	Ralf <ralf+gentoo@×××××××××××××××××××.de>
Re: [gentoo-user] Re: 'Heartbleed' bug	Philip Webb <purslow@××××××××.net>