Security Advisory: OpenSSL 1.0.1g

Posted by Alex Gaynor on April 7, 2014

Today a security release of OpenSSL was issued, fixing a critical vulnerability. This vulnerability allows a malicious client or server to read up to 64KB of memory out of the remote machine, potentially compromising any secrets within the process, including things like TLS certificates, session IDs, and Django SECRET_KEY values. All users are encouraged to upgrade immediately.

This issue does not affect Django directly, but will affect most users of Django.

Any machine that serves traffic over TLS, or that makes outgoing TLS connections, should upgrade its version of OpenSSL immediately.
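As an added example (not part of the original advisory, nor Django or OpenSSL code), the following Python check reports which OpenSSL version the interpreter running Django is linked against and whether its banner falls in the affected range. The range used, 1.0.1 through 1.0.1f, comes from the upstream OpenSSL advisory rather than this page; the function names and sample banners are constructed for illustration.

```python
import re
import ssl

# Assumption (from the upstream OpenSSL advisory, not this page):
# releases 1.0.1 through 1.0.1f are affected; 1.0.1g is the fixed release.
_BANNER_RE = re.compile(
    r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d*))?", re.I
)


def parse_openssl_version(banner):
    """Parse a banner such as 'OpenSSL 1.0.1f 6 Jan 2014'.

    Returns (major, minor, fix, letter, pre) or None when the banner is
    not an OpenSSL one (for example LibreSSL)."""
    m = _BANNER_RE.match(banner.strip())
    if m is None:
        return None
    major, minor, fix, letter, pre = m.groups()
    return int(major), int(minor), int(fix), letter.lower(), (pre or "").lower()


def heartbleed_status(banner):
    """Classify a banner as 'affected', 'not affected' or 'unknown'."""
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return "unknown"
    major, minor, fix, letter, pre = parsed
    if pre:
        # Pre-release builds are outside this check; verify them by hand.
        return "unknown"
    if (major, minor, fix) == (1, 0, 1):
        # '' (plain 1.0.1) and 'a'..'f' predate the fix in 1.0.1g.
        return "affected" if letter < "g" else "not affected"
    return "not affected"


def local_status():
    """Return (banner, status) for the OpenSSL this interpreter is linked to."""
    return ssl.OPENSSL_VERSION, heartbleed_status(ssl.OPENSSL_VERSION)


if __name__ == "__main__":
    print("%s -> %s" % local_status())
```

Distributions often backport the fix without changing the version banner, so treat "affected" as a prompt to check the installed package's changelog rather than as proof. Long-running processes also keep the old library loaded until they are restarted.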

This issue has been assigned CVE-2014-0160.

A complete description of the bug is also available.

New packages have been issued for the following operating systems:
