[Slackbuilds-users] Cauterizing heartbleed (CVE-2014-0160)
mancha
mancha1 at hush.com
Wed Apr 9 06:05:20 UTC 2014
Hello.
Given the pervasive effects of the heartbeat OpenSSL flaw (aka
heartbleed), it makes sense for SBo maintainers and the SBo community
at large to review packages offered by SBo and identify those that
statically link OpenSSL libraries or bundle their own copies.
An example of the latter is Node.js [1] which has already been fixed in
their devel branch [2].
A semi-temporary page on SBo with a list of affected packages and
mitigation steps (i.e. re-compile, upgrade version, etc.) might be
useful for end-users.
--mancha
[1] http://slackbuilds.org/repository/14.1/network/node/
[2] https://github.com/joyent/node/commit/d6fd118727
-----------------
PGP: 0x25168EB24F0B22AC
[56B7 100E F4D5 811C 8FEF ADD1 2516 8EB2 4F0B 22AC]
More information about the SlackBuilds-users
mailing list