Dne 10.4.2014 14:47, Johnny Hughes napsal(a): > Those are the two possible things that could have happened. > ============================= > In the case of CentOS servers, the time period where that could have > occurred is from December 1, 2013 (when openssl-1.0.1e-15.el6 was > released in CentOS-6.5) until people using 6.5 upgrade to > openssl-1.0.1e-16.el6_5.7 (available on April 8th, 2014). In the case > of some other distributions, the possible time frame is from March > 2012 until April 2014. Yes, that's I wanted to point out. And that's why we are going to replace all the SSL certificates. But this is not enough, we have to and are going to regenerate the user passwords and ssh keys. What more we are also going to regenerate server ssh keys, they could be compromised because of GSISSHD. DH _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos