On 04/08/2014 05:11 AM, Edward M wrote: > On 4/8/2014 2:55 AM, Patrick O'Callaghan wrote: >> https://www.openssl.org/news/secadv_20140407.txt >> >> See also http://heartbleed.com/ and >> http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/ >> >> >> This is potentially very serious and can cause leakage of private keys >> and other information. >> >> The current version of OpenSSL on Fedora (standard repos and Koji) is >> 1.0.1e, which has this vulnerability. An upgrade to 1.0.1g should be >> provided urgently. >> >> poc >> > If anybody is interested, Heartbleed test: > (Enter hostname of server to test for CVE-2014-0160) > > http://filippo.io/Heartbleed/ Just a reminder to start SSL protected services after installation (e.g., httpd, smtp, etc.) -- -- Steve -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
