On 04/09/2014 02:52 PM, Dan Thurman wrote:
On 04/08/2014 02:55 AM, Patrick O'Callaghan wrote:
https://www.openssl.org/news/secadv_20140407.txt
See also http://heartbleed.com/ and
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
This is potentially very serious and can cause leakage of private keys
and other information.
The current version of OpenSSL on Fedora (standard repos and Koji) is
1.0.1e, which has this vulnerability. An upgrade to 1.0.1g should be
provided urgently.
poc
I know that F18 is EOL & vulnerable, so
can I backport OpenSSL with a fix? I am'
not ready to upgrade at this time...
Dan
I noticed that when I updated, that the "latest" version is 1.0.1e? I
cannot seem to find a "g" in the repos...is there some specific place I
should look? Or will the version that got updated be sufficient?...
EGO II
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
