On 04/08/2014 02:55 AM, Patrick O'Callaghan wrote:
https://www.openssl.org/news/secadv_20140407.txt See also http://heartbleed.com/ and http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/ This is potentially very serious and can cause leakage of private keys and other information. The current version of OpenSSL on Fedora (standard repos and Koji) is 1.0.1e, which has this vulnerability. An upgrade to 1.0.1g should be provided urgently. poc
I know that F18 is EOL & vulnerable, so can I backport OpenSSL with a fix? I am' not ready to upgrade at this time... Dan -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
