Updated UnrealIRCd 4.0.10 for Windows
Status: Beta
Brought to you by:
wildchild
Menu
▾
▴
Updated UnrealIRCd 4.0.10 for Windows
|
From: Bram M. <sy...@un...> - 2017-02-02 08:24:17
|
(You can unsubscribe here <https://lists.sourceforge.net/lists/listinfo/unreal-notify> at the bottom of the page) LibreSSL, the library we use for SSL/TLS on Windows, has released an update. There seemed to be a security issue in the way they implemented ECDSA. This is only an issue if you use /elliptic curve certificates/, not if you use /RSA /certificates (=the default). We have replaced the Windows download of UnrealIRCd 4.0.10 on our website (new filename: /unrealircd-4.0.10-sslfix.exe/). If you use UnrealIRCd on Windows with an elliptic curve certificate then you should upgrade to this version. For reference, the exact text from the LibreSSL folks is as follows: * Avoid a side-channel cache-timing attack that can leak the ECDSA private keys when signing. This is due to BN_mod_inverse() being used without the constant time flag being set. Reported by Cesar Pereida Garcia and Billy Brumley (Tampere University of Technology). The fix was developed by Cesar Pereida Garcia. You can use /VERSION on IRC as an IRCOp(!) to figure out which LibreSSL version is in use. If you see this then it's the *old *version with the ECDSA bug: [08:18:08] -irc.test.net- LibreSSL 2.4.4 After upgrading you should see this, which confirms you are using the *new *version: [08:30:24] -irc.test.net- LibreSSL 2.4.5 As always, you can download UnrealIRCd from www.unrealircd.org. -- Bram Matthys Software developer/IT con...@vu... Website:www.vulnscan.org PGP key:www.vulnscan.org/pubkey.asc PGP fp: 2ABD 57FA 7783 5ADD C5EC 8ED7 DE93 B8B4 7E74 5EB3 |
