Update on CVE-2014-0160, aka "Heartbleed"

Robyn Bergeron rbergero at redhat.com
Wed Apr 9 01:02:40 UTC 2014


Hello again, Fedora community.

This is an update on Fedora's response to CVE-2014-0160 (aka
"Heartbleed"). This is a critical security vulnerability that requires
your immediate attention.

Updates are now available, and are being pushed to our mirror network.
The update announcements for Fedora 19 and Fedora 20 are available at:

  Fedora 19: https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html
  Fedora 20: https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html

Apply updates with 

    sudo yum upgrade openssl openssl-libs
   
or with your graphical package manager.

After applying the update, please make sure to restart all services
which use OpenSSL. You may find it easiest to simply restart your
system. However, if you prefer, you may restart any affected services
manually. You can get an overview of programs that need to be restarted
by using the command line tool

    sudo needs-restarting

(This is included in the `yum-utils` package.) Restart all listed
programs until the output of needs-restarting is empty.

The Fedora Cloud images linked at
https://fedoraproject.org/en/get-fedora#cloud have been recreated with
the updated packages preinstalled.

Fixes have been applied to servers used in Fedora infrastructure and we
are investigating any further remediation which may be necessary.

Special thanks to Robert Mayr, Kévin Raymond, Dennis Gilmore, Matt
Miller, Paul Frields, Major Hayden, Kurt Seifried, Kevin Fenzi,
William Brown, Nick Bebout, Adam Williamson, Joachim Backes, Pádraig
Brady, Lokesh Mandvekar, David Strauss, Joop Braak, Michael
Cronenworth, Till Maas, Luke Macken, and others for effort in making
these updates available quickly.


- Robyn Bergeron


More information about the announce mailing list