----- Original Message ----- > From: "Robyn Bergeron" <rbergero@xxxxxxxxxx> > To: announce@xxxxxxxxxxxxxxxxxxxxxxx > Sent: Monday, April 7, 2014 8:01:24 PM > Subject: Status on CVE-2014-0160, aka "Heartbleed" > > Greetings, Fedora community: > > We're aware of the recently disclosed CVE-2014-0160 (aka > "Heartbleed"): > > https://bugzilla.redhat.com/show_bug.cgi?id=1085065 (openssl) > https://bugzilla.redhat.com/show_bug.cgi?id=1085066 (mingw-openssl) > > The issue affects the currently supported Fedora 19 and Fedora 20 > releases. Updates for openssl packages are available now, and > mirrors near you will receive them shortly. If you do not want to > wait for your local mirror to get updates, you can retrieve and > install packages directly: > > For Fedora 19 x86_64: > yum -y install koji > koji download-build --arch=x86_64 openssl-1.0.1e-37.fc19.1 > yum localinstall openssl-1.0.1e-37.fc19.1.x86_64.rpm > > For Fedora 20 x86_64: > yum -y install koji > koji download-build --arch=x86_64 openssl-1.0.1e-37.fc20.1 > yum localinstall openssl-1.0.1e-37.fc20.1.x86_64.rpm > > Substitute i686 for 32-bit systems, or armv7hl for ARM systems (F20 > only). > Additionally, if you would like signed packages, you can retrieve and install those signed packages directly as well: For Fedora 19 x86_64: yum -y install koji koji download-build --key=fb4b18e6 --arch=x86_64 openssl-1.0.1e-37.fc19.1 yum localinstall openssl-1.0.1e-37.fc19.1.x86_64.rpm For Fedora 20 x86_64: yum -y install koji koji download-build --key=246110c1 --arch=x86_64 openssl-1.0.1e-37.fc20.1 yum localinstall openssl-1.0.1e-37.fc20.1.x86_64.rpm > Package updates for mingw-openssl will receive fixes shortly and > we'll update the community when they are available. Note that > Fedora 18, which is no longer supported by the Fedora community, is > also affected by this issue. Fedora 17 and previous releases, also no > longer supported, are not affected by this issue. > > Fedora Release Engineering is currently regenerating AMIs and > qcow2/kvm images to include the fix. > > The Fedora Infrastructure team is working to assess any additional > impact, and will update the community as we develop more information. > > Thanks for your patience as we work on this issue. > > ACKNOWLEDGMENTS: Special thanks to Dennis Gilmore for quickly providing > package updates, and Major Hayden for providing the manual update > guidance above. > > > -Robyn Bergeron > -- announce mailing list announce@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/announce