On Wed, 16 Apr 2014 22:43:13 -0400
Christian Miller <cmiller4(a)stu.norwich.edu> wrote:
Dear Website Administrator for the Fedora project. I was using a
simple Google dork, that I was tweaking to search for heartbleed
vulnerable websites when I stumbled upon the server status page of
the fedora project. The page in question is
https://admin.fedoraproject.org/status/app1. This page indicates the
the Fedora project servers run open ssl 1.0.1e . This version of open
ssl is vulnerable to the heartbleed exploit. I recommend updating
your open ssl as soon as possible. Sincerely,
Chris Miller
Thanks for your concern. ;)
Both Red Hat Enterprise Linux and Fedora backported the fix for
heartbleed on the existing 1.0.1e version, so a simple version check
like that will not tell you what sites are vulnerable.
We updated our openssl version hours after the fix was available, and
are no longer vulnerable to heartbleed.
Hope that helps,
kevin