Fwd: Status on CVE-2014-0160, aka "Heartbleed"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

FYI....


-------- Original Message --------
Subject: Status on CVE-2014-0160, aka "Heartbleed"
Date: Mon, 7 Apr 2014 23:01:24 -0400 (EDT)
From: Robyn Bergeron <rbergero@xxxxxxxxxx>
Reply-To: users@xxxxxxxxxxxxxxxxxxxxxxx
To: announce@xxxxxxxxxxxxxxxxxxxxxxx 


Greetings, Fedora community:

We're aware of the recently disclosed CVE-2014-0160 (aka 
"Heartbleed"):

https://bugzilla.redhat.com/show_bug.cgi?id=1085065 (openssl)
https://bugzilla.redhat.com/show_bug.cgi?id=1085066 (mingw-openssl)

The issue affects the currently supported Fedora 19 and Fedora 20 
releases. Updates for openssl packages are available now, and
mirrors near you will receive them shortly. If you do not want to 
wait for your local mirror to get updates, you can retrieve and 
install packages directly:

For Fedora 19 x86_64:
  yum -y install koji
  koji download-build --arch=x86_64 openssl-1.0.1e-37.fc19.1
  yum localinstall openssl-1.0.1e-37.fc19.1.x86_64.rpm

For Fedora 20 x86_64:
  yum -y install koji
  koji download-build --arch=x86_64 openssl-1.0.1e-37.fc20.1
  yum localinstall openssl-1.0.1e-37.fc20.1.x86_64.rpm

Substitute i686 for 32-bit systems, or armv7hl for ARM systems (F20
only).

Package updates for mingw-openssl will receive fixes shortly and 
we'll update the community when they are available. Note that 
Fedora 18, which is no longer supported by the Fedora community, is 
also affected by this issue. Fedora 17 and previous releases, also no 
longer supported, are not affected by this issue.

Fedora Release Engineering is currently regenerating AMIs and
qcow2/kvm images to include the fix.

The Fedora Infrastructure team is working to assess any additional 
impact, and will update the community as we develop more information.

Thanks for your patience as we work on this issue.

ACKNOWLEDGMENTS: Special thanks to Dennis Gilmore for quickly providing
package updates, and Major Hayden for providing the manual update
guidance above.


-Robyn Bergeron
-- 
announce mailing list
announce@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/announce



--
Getting tired of non-Fedora discussions and self-serving posts 
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux