Re: [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Dne 10.4.2014 14:47, Johnny Hughes napsal(a):
> Those are the two possible things that could have happened. 

> ============================= 

> In the case of CentOS servers, the time period where that could have
> occurred is from December 1, 2013 (when openssl-1.0.1e-15.el6 was
> released in CentOS-6.5) until people using 6.5 upgrade to
> openssl-1.0.1e-16.el6_5.7 (available on April 8th, 2014). In the case
> of some other distributions, the possible time frame is from March
> 2012 until April 2014.

Yes, that's I wanted to point out. And that's why we are going to
replace all the SSL certificates. But this is not enough, we have to and
are going to regenerate the user passwords and ssh keys. What more we
are also going to regenerate server ssh keys, they could be compromised
because of GSISSHD.

DH
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux