I just belatedly found out about the heartbeat openssl bug (http://heartbleed.com).
Affected versions: OpenSSL versions from 1.0.1 to 1.0.1f.
The vulnerability has been fixed in OpenSSL 1.0.1g.
$ uname -a
Linux desktop 3.11.0-14-generic #21-Ubuntu SMP Tue Nov 12 17:04:55 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
$ openssl
OpenSSL> version
OpenSSL 1.0.1e 11 Feb 2013
$ sudo apt-get remove openssl
$ sudo apt-get install openssl
$ openssl
OpenSSL> version
OpenSSL 1.0.1e 11 Feb 2013
Drat.
QUESTION:
As a user, who is decidedly not a security expert, what do the security experts suggest we users immediately do about this vulnerability?
Bookmarks