Serious OpenSSL vulnerability

[David Mehler]

Hello,

What is Koji? I downloaded the src.rpm, built it and installed the
resulting binary rpm, was there an easier way?

Thanks.
Dave.



On 4/8/14, Tim <ignored_mailbox at yahoo.com.au> wrote:
> Allegedly, on or about 08 April 2014, Patrick O'Callaghan sent:
>> See also http://heartbleed.com/ and
>> http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
>
> Quoting from the arstechnica link (is that name meant to be funny?), I
> find this:
>
> "recovering from the two-year-long vulnerability may also require
> revoking any exposed keys, reissuing new keys, and invalidating all
> session keys and session cookies"
>
> Years ago I noticed a browser option to check for revoked keys, one that
> was always disabled by default on any system I looked.  Switching it on
> caused many sites to fail, because they were badly set up.  e.g. My
> bank, and many other mainstream sites.
>
> It was an option that I considered ought to be set by default.  I would
> have thought that checking for revoked certificates should be a
> mandatory step in a secure browsing situation.  I wonder what the
> current state of play is with that?
>
> --
> [tim at localhost ~]$ uname -rsvp
> Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64
>
> All mail to my mailbox is automatically deleted, there is no point
> trying to privately email me, I will only read messages posted to the
> public lists.
>
> George Orwell's '1984' was supposed to be a warning against tyranny, not
> a set of instructions for supposedly democratic governments.
>
>
>
> --
> users mailing list
> users at lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
>