[arch-general] Heads up: If you are using SSLv2 turn it off immediately
P. A. López-Valencia
vorbote at outlook.com
Tue Mar 1 22:23:50 UTC 2016
If you are have a web server facing the public internet, turn off SSLv2
immediately. OpenSSL 1.0.2g has the fix but it will take a while to drip
down to the repos as it brings with it an ABI change.
The vulnerability is so bad, it doesn't only have a CVE number,
CVE-2016-0800, but a name and its own website: HTTPS DROWN.
One third of all public web servers are open to attack and OpenSSL
may not be the only crypto library affected.
Pedro A. López-Valencia
Recession is when a neighbor loses his job. Depression is when you lose
yours. -Ronald Reagan
More information about the arch-general