From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 4B94D138A1F for ; Thu, 10 Apr 2014 22:56:16 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 50AB9E0B8B; Thu, 10 Apr 2014 22:56:08 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 4B1C8E0B3C for ; Thu, 10 Apr 2014 22:56:07 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp.gentoo.org (Postfix) with ESMTP id 9B793340165 for ; Thu, 10 Apr 2014 22:56:06 +0000 (UTC) X-Virus-Scanned: by amavisd-new using ClamAV at gentoo.org X-Spam-Flag: NO X-Spam-Score: 3.652 X-Spam-Level: *** X-Spam-Status: No, score=3.652 tagged_above=-999 required=5.5 tests=[AWL=-0.140, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, FSL_HELO_BARE_IP_2=1.999, NML_ADSP_CUSTOM_MED=1.2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_NUMERIC_HELO=0.865, RP_MATCHES_RCVD=-0.272, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no Received: from smtp.gentoo.org ([IPv6:::ffff:127.0.0.1]) by localhost (smtp.gentoo.org [IPv6:::ffff:127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xcCQupHMEv8E for ; Thu, 10 Apr 2014 22:56:00 +0000 (UTC) Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id A9456340164 for ; Thu, 10 Apr 2014 22:55:59 +0000 (UTC) Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1WYNsu-0005g9-BZ for gentoo-user@gentoo.org; Fri, 11 Apr 2014 00:55:52 +0200 Received: from 216.240.130.92 ([216.240.130.92]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 11 Apr 2014 00:55:52 +0200 Received: from w41ter by 216.240.130.92 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 11 Apr 2014 00:55:52 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: gentoo-user@lists.gentoo.org From: walt Subject: [gentoo-user] Re: 'Heartbleed' bug Date: Thu, 10 Apr 2014 15:55:47 -0700 Message-ID: References: <20140410000635.GB9729@syscon7.ed.shawcable.net> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: 216.240.130.92 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 In-Reply-To: <20140410000635.GB9729@syscon7.ed.shawcable.net> X-Archives-Salt: 8208eeb0-d851-48b7-a5ab-31694cd7fba3 X-Archives-Hash: f0377787a237a36333813fc8b401b6e7 On 04/09/2014 05:06 PM, Joseph wrote: > Is gentoo effected by this new 'Heartbleed' bug? > > "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library...." > > http://heartbleed.com/ This topic was discussed in my favorite podcast, http://twit.tv/sn Steve Gibson explained that the heartbeat feature was introduced in openssl to allow *UDP* connections to mimic the 'keepalive' function of the TCP protocol. IIRC Steve didn't explain how UDP bugs can compromise TCP connections. Anyone here really understand the underlying principles? If so, please explain! Thanks.