Security Advisory: OpenSSL 1.0.1g

Posted by Alex Gaynor on April 7, 2014

Today a security release of OpenSSL was issued, fixing a critical vulnerability. This vulnerability allows a malicious client or server to read up to 64KB of memory out of the remote machine, potentially compromising any secrets within the process, including things like TLS certificates, session IDs, and Django SECRET_KEY values. All users are encouraged to upgrade immediately.

This issue does not affect Django directly, but will affect most users of Django.

Any machine which is serving traffic over TLS, or which is making outgoing TLS connections should upgrade its version of OpenSSL immediately.

This issue has been assigned CVE-2014-0160.

A complete description of the bug is also available.

New packages have been issued for the following operating systems:

Debian
Ubuntu
Red Hat Enterprise Linux
CentOS

News & Events

Security Advisory: OpenSSL 1.0.1g

Additional Information

Support Django!

Upcoming Events

Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

RSS Feeds

Django Links

Learn More

Get Involved

Get Help

Follow Us

Support Us