On 4/8/2014 2:55 AM, Patrick O'Callaghan wrote:
https://www.openssl.org/news/secadv_20140407.txt
See also http://heartbleed.com/ and
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
This is potentially very serious and can cause leakage of private keys
and other information.
The current version of OpenSSL on Fedora (standard repos and Koji) is
1.0.1e, which has this vulnerability. An upgrade to 1.0.1g should be
provided urgently.
poc
If anybody is interested, Heartbleed test:
(Enter hostname of server to test for CVE-2014-0160)
http://filippo.io/Heartbleed/
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
