Has FileZilla Server been patched for the OpenSSL 1.01 FREAK vulnerability?
http://www.zdnet.com/article/freak-anot ... rity-hole/
Edit to add... related OpenSSL bug is CVE-2015-0204.
https://cve.mitre.org/cgi-bin/cvename.c ... -2015-0204
OpenSSL FREAK exploit patched?
Moderator: Project members
Re: OpenSSL FREAK exploit patched?
FileZilla Server uses OpenSSL 1.0.2 and as such is not vulnerable to this exploit.
-
- 500 Command not understood
- Posts: 1
- Joined: 2015-03-04 19:31
- First name: Lejon
- Last name: Johnson
Re: OpenSSL FREAK exploit patched?
In which version did the OpenSSL 1.0.2 get implemented? We currently run the 0.9.46 beta which included OpenSSL 1.0.1h. One of the articles in the above original inquiry notes that beta versions of OpenSSL 1.0.2 are also susceptible to this attack. Is the current release of FileZilla Server running the latest version of OpenSSL 1.0.2 in which the fix is in place?
Re: OpenSSL FREAK exploit patched?
Yes, the latest version uses OpenSSL 1.0.2
Note that outdated versions of FileZilla or FileZilla Server are entirely unsupported. Please update immediately if you use any outdated version.
Note that outdated versions of FileZilla or FileZilla Server are entirely unsupported. Please update immediately if you use any outdated version.