----- Reply message -----
From: "Dan Thurman" <dant@xxxxxxxxx>
To: "Community support for Fedora users" <users@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: Serious OpenSSL vulnerability
Date: Wed, Apr 9, 2014 2:52 pm
On 04/08/2014 02:55 AM, Patrick O'Callaghan wrote:
> https://www.openssl.org/news/secadv_20140407.txt
>
> See also http://heartbleed.com/ and
> http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
>
> This is potentially very serious and can cause leakage of private keys
> and other information.
>
> The current version of OpenSSL on Fedora (standard repos and Koji) is
> 1.0.1e, which has this vulnerability. An upgrade to 1.0.1g should be
> provided urgently.
>
> poc
>
I know that F18 is EOL & vulnerable, so
can I backport OpenSSL with a fix? I am'
not ready to upgrade at this time...
Dan
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
