OpenSSL FREAK exploit patched?

kcconnor
500 Command not understood
Posts: 2
Joined: 2015-03-04 16:02

OpenSSL FREAK exploit patched?

#1 Post by kcconnor » 2015-03-04 16:05

Has FileZilla Server been patched for the OpenSSL 1.01 FREAK vulnerability?

http://www.zdnet.com/article/freak-anot ... rity-hole/



Edit to add... related OpenSSL bug is CVE-2015-0204.

https://cve.mitre.org/cgi-bin/cvename.c ... -2015-0204

botg
Site Admin
Posts: 35563
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: OpenSSL FREAK exploit patched?

#2 Post by botg » 2015-03-04 18:47

FileZilla Server uses OpenSSL 1.0.2 and as such is not vulnerable to this exploit.

Lejon
500 Command not understood
Posts: 1
Joined: 2015-03-04 19:31
First name: Lejon
Last name: Johnson

Re: OpenSSL FREAK exploit patched?

#3 Post by Lejon » 2015-03-04 19:47

In which version did the OpenSSL 1.0.2 get implemented? We currently run the 0.9.46 beta which included OpenSSL 1.0.1h. One of the articles in the above original inquiry notes that beta versions of OpenSSL 1.0.2 are also susceptible to this attack. Is the current release of FileZilla Server running the latest version of OpenSSL 1.0.2 in which the fix is in place?

botg
Site Admin
Posts: 35563
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: OpenSSL FREAK exploit patched?

#4 Post by botg » 2015-03-04 20:50

Yes, the latest version uses OpenSSL 1.0.2.

Note that outdated versions of FileZilla or FileZilla Server are entirely unsupported. Please update immediately if you use any outdated version.
