On Wed, 16 Apr 2014 22:43:13 -0400 Christian Miller <cmiller4@xxxxxxxxxxxxxxx> wrote: > Dear Website Administrator for the Fedora project. I was using a > simple Google dork, that I was tweaking to search for heartbleed > vulnerable websites when I stumbled upon the server status page of > the fedora project. The page in question is > https://admin.fedoraproject.org/status/app1. This page indicates the > the Fedora project servers run open ssl 1.0.1e . This version of open > ssl is vulnerable to the heartbleed exploit. I recommend updating > your open ssl as soon as possible. Sincerely, > Chris Miller Thanks for your concern. ;) Both Red Hat Enterprise Linux and Fedora backported the fix for heartbleed on the existing 1.0.1e version, so a simple version check like that will not tell you what sites are vulnerable. We updated our openssl version hours after the fix was available, and are no longer vulnerable to heartbleed. Hope that helps, kevin
Attachment:
signature.asc
Description: PGP signature
-- websites mailing list websites@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/websites
