On 04/08/2014 02:55 AM, Patrick O'Callaghan wrote:
https://www.openssl.org/news/secadv_20140407.txt
See also http://heartbleed.com/ and
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
This is potentially very serious and can cause leakage of private keys
and other information.
The current version of OpenSSL on Fedora (standard repos and Koji) is
1.0.1e, which has this vulnerability. An upgrade to 1.0.1g should be
provided urgently.
poc
I know that F18 is EOL & vulnerable, so
can I backport OpenSSL with a fix? I am'
not ready to upgrade at this time...
Dan
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
