Topic "vulnerability in OpenSSL"

Author Message
browning

Guest


Hello,
it has been reported recently that there is a serious vulnerability in OpenSSL 1.0.1. It is recommended to adopt the fix (OpenSSL 1.0.1g) ASAP.
https://www.openssl.org/news/secadv/20140407.txt
http://heartbleed.com/
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24555
Location: Prague, Czechia
This bug is tracked here:
http://winscp.net/tracker/show_bug.cgi?id=1151

We are working on a fix.

Note that OpenSSL is used with FTP over TLS/SSL only. Majority (about 98%) of WinSCP users use SSH (SFTP/SCP) and plain FTP only and are NOT affected!
SikhSuperman
[View user's profile]

Joined: 2014-03-19
Posts: 6
When will 5.5.3 be released with the OpenSSL bug fix? We're using 5.5.2 and from my reading the underlying OpenSSL core is 1.0.1f? Can somebody confirm this?

Thanks
SS
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24555
Location: Prague, Czechia
SikhSuperman wrote:
When will 5.5.3 be released with the OpenSSL bug fix?

In few days.

Quote:
We're using 5.5.2 and from my reading the underlying OpenSSL core is 1.0.1f? Can somebody confirm this?

That's correct.
SikhSuperman
[View user's profile]

Joined: 2014-03-19
Posts: 6
Thanks Martin -

We're using the SSH feature over sFTP of WinSCP so we should be safe on the 'Heartbleed' bug.
Ref: http://winscp.net/forum/viewtopic.php?t=13736

Thanks again for confirming!
SS
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24555
Location: Prague, Czechia
SikhSuperman wrote:
We're using the SSH feature over sFTP of WinSCP so we should be safe on the 'Heartbleed' bug.
Ref: http://winscp.net/forum/viewtopic.php?t=13736

Correct. OpenSSL is used with FTP over TLS/SSL only. Majority (about 98%) of WinSCP users use SSH (SFTP/SCP) and plain FTP only and are NOT affected!
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License