Serious OpenSSL vulnerability
Aleksandar Kostadinov
akostadi at redhat.com
Mon Apr 14 10:34:30 UTC 2014
Edward M wrote, On 04/10/2014 07:59 AM (EEST):
> On 4/9/2014 3:30 PM, eoconnor25 at gmail.com wrote:
>> I gotta say....I'm so impressed with the way this issue has been
>> handled by the developers here @ Fedora....I've updated all three of
>> my Fedora boxes....and will sleep soundly knowing the vulnerability
>> has been addressed by the best and brightest! So a heart felt "Thank
>> You" to the Guys and Gals who have dedicated their time to creating
>> the BEST operating system to ever grace my Dell computers!!!
>
> You may also want to create new private key, buy a new cert
> from CA and install the new key.
> for each website supporting OpenSSL and change the passwords.
> since this problem existed for two years
> and there is not really way to detect, if it was exploited by
> someone.
Add to that - revoke old certificate and hope the mechanism works with
your user's browsers and/or other software.
More information about the users
mailing list