Fwd: Status on CVE-2014-0160, aka "Heartbleed"
poma
pomidorabelisima at gmail.com
Tue Apr 8 06:22:02 UTC 2014
On 08.04.2014 05:12, Ed Greshko wrote:
> FYI....
>
>
> -------- Original Message --------
> Subject: Status on CVE-2014-0160, aka "Heartbleed"
> Date: Mon, 7 Apr 2014 23:01:24 -0400 (EDT)
> From: Robyn Bergeron <rbergero at redhat.com>
> Reply-To: users at lists.fedoraproject.org
> To: announce at lists.fedoraproject.org
>
>
>
> Greetings, Fedora community:
>
> We're aware of the recently disclosed CVE-2014-0160 (aka
> "Heartbleed"):
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1085065 (openssl)
> https://bugzilla.redhat.com/show_bug.cgi?id=1085066 (mingw-openssl)
>
> The issue affects the currently supported Fedora 19 and Fedora 20
> releases. Updates for openssl packages are available now, and
> mirrors near you will receive them shortly. If you do not want to
> wait for your local mirror to get updates, you can retrieve and
> install packages directly:
>
> For Fedora 19 x86_64:
> yum -y install koji
> koji download-build --arch=x86_64 openssl-1.0.1e-37.fc19.1
> yum localinstall openssl-1.0.1e-37.fc19.1.x86_64.rpm
>
> For Fedora 20 x86_64:
> yum -y install koji
> koji download-build --arch=x86_64 openssl-1.0.1e-37.fc20.1
> yum localinstall openssl-1.0.1e-37.fc20.1.x86_64.rpm
>
> Substitute i686 for 32-bit systems, or armv7hl for ARM systems (F20
> only).
>
> Package updates for mingw-openssl will receive fixes shortly and
> we'll update the community when they are available. Note that
> Fedora 18, which is no longer supported by the Fedora community, is
> also affected by this issue. Fedora 17 and previous releases, also no
> longer supported, are not affected by this issue.
>
> Fedora Release Engineering is currently regenerating AMIs and
> qcow2/kvm images to include the fix.
>
> The Fedora Infrastructure team is working to assess any additional
> impact, and will update the community as we develop more information.
>
> Thanks for your patience as we work on this issue.
>
> ACKNOWLEDGMENTS: Special thanks to Dennis Gilmore for quickly providing
> package updates, and Major Hayden for providing the manual update
> guidance above.
>
>
> -Robyn Bergeron
>
>
>
Apropos the "heartbleed bug"
http://heartbleed.com/
poma
More information about the users
mailing list