[Tkabber] Release of Tkabber-Pack 1.1-2 fixes a critical security vulnerability in its bundled OpenSSL library

Konstantin Khomoutov flatworm at users.sourceforge.net
Tue Apr 8 14:16:45 MSK 2014


Security advisory!
==================

Release of Tkabber-Pack 1.1-2 fixes a critical security vulnerability
in its bundled OpenSSL library

Users of any release of Tkabber pack earlier than 1.1-2 are
*strongly advised to upgrade* to the current release [1] as it contains
a fixed version of the OpenSSL library [2] which is immune to a critical
security vulnerability [3] (CVE-2014-0160, dubbed "Heartbleed").

Thanks to Vitaly Takmazov for prompt preparing of the updated build!

More information on the vulnerability:
* In-depth explanation of the vulnerability. [4]
* Online testing tool. [5]
* Discussion on LWN. [6]
* A piece of news on opennet.ru (in Russian). [7]

1. http://tkabber.jabber.ru/tkabber-pack/1.1
2. https://www.openssl.org/
3. https://www.openssl.org/news/secadv_20140407.txt
4. http://heartbleed.com/
5. http://possible.lv/tools/hb/
6. http://lwn.net/Articles/593683/
7. http://www.opennet.ru/opennews/art.shtml?num=39518


More information about the Tkabber mailing list