Followup on Fedora Infrastructure information on Openssl vulnerability (CVE-2014-0160/heartbleed)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



I want to pass along some additional information about this
vulnerability and how it affects Fedora Infrastructure. 

Shortly after sending the announcement, it was confirmed that private
keys from SSL certs CAN be acquired by this vulnerability. Accordingly,
we WILL be reissuing all our SSL certificates. We have started this
process today, and will send another email when all of them are

If you have not yet changed your Fedora Account system password you may
wish to wait until we have finished replacing all SSL certificates. 

Additionally, it was pointed out that Firefox does now use OCSP (Online
Certificate Status Protocol) by default. It should note revoked
certificates as long as it's able to reach the OSCP provider for that
Certificate Authority (if it cannot, it will assume the certificate is

Thanks for your patience as we work to keep Fedora resources secure. 


Attachment: signature.asc
Description: PGP signature

announce mailing list

[Index of Archives]     [Fedora Package Announce]     [Fedora Users]     [Fedora Package Review]     [Fedora Desktop]     [PAM]     [Big List of Linux Books]     [Gimp]     [Yosemite News]     [Yosemite Camping]     [Fedora Users]

  Powered by Linux