As far as the Windows version goes, can I just update some DLLs? Or will there be a new download package made like was done for heartbleed?
Thanks,
r3m
Unreal IRCd & the 05-Jun-2014 OpenSSL vulns
Unreal IRCd & the 05-Jun-2014 OpenSSL vulns
Defunct...
Updated Win32 libs, binaries and easy to
use compile script for Visual Studio .NET
http://unreal.hates.tv
Updated Win32 libs, binaries and easy to
use compile script for Visual Studio .NET
http://unreal.hates.tv
-
- Head of Support
- Posts: 2085
- Joined: Tue Jun 15, 2004 8:50 pm
- Location: Chino Hills, CA, US
- Contact:
Re: Unreal IRCd & the 05-Jun-2014 OpenSSL vulns
What version of OpenSSL is your server running? You may find out by doing a /version as an oper on your server.
If you have OpenSSL version 1.0.0 or 1.0.1, you'll need to wait until we can get together a new release or patch for Windows. You can try to replace the OpenSSL DLL files, though as I recall they need to be compiled with specific parameters to be compatible with UnrealIRCD.
If you have any other version of OpenSSL, you're safe.
If you have OpenSSL version 1.0.0 or 1.0.1, you'll need to wait until we can get together a new release or patch for Windows. You can try to replace the OpenSSL DLL files, though as I recall they need to be compiled with specific parameters to be compatible with UnrealIRCD.
If you have any other version of OpenSSL, you're safe.
Re: Unreal IRCd & the 05-Jun-2014 OpenSSL vulns
OpenSSL 1.0.1g 7 Apr 2014
Defunct...
Updated Win32 libs, binaries and easy to
use compile script for Visual Studio .NET
http://unreal.hates.tv
Updated Win32 libs, binaries and easy to
use compile script for Visual Studio .NET
http://unreal.hates.tv
-
- Head of Support
- Posts: 2085
- Joined: Tue Jun 15, 2004 8:50 pm
- Location: Chino Hills, CA, US
- Contact:
Re: Unreal IRCd & the 05-Jun-2014 OpenSSL vulns
We have looked into the advisory, and it appears 6 of the 7 issues reported do not apply to UnrealIRCd. The issue that applies is the vulnerability in MITM which requires both the server AND client to be running a vulnerable version of OpenSSL to work. We will update the Windows compile with new OpenSSL libraries (DLLs) with the next update to UnrealIRCd (perhaps 2-3 weeks).
In the mean time, I recommend updating OpenSSL on the systems you use to IRC with as just having your client up to date will keep you safe.
Thank you for bringing this to our attention.
In the mean time, I recommend updating OpenSSL on the systems you use to IRC with as just having your client up to date will keep you safe.
Thank you for bringing this to our attention.
Re: Unreal IRCd & the 05-Jun-2014 OpenSSL vulns
You're welcome. Thanks for the reply.
Defunct...
Updated Win32 libs, binaries and easy to
use compile script for Visual Studio .NET
http://unreal.hates.tv
Updated Win32 libs, binaries and easy to
use compile script for Visual Studio .NET
http://unreal.hates.tv