<---- template headericclude ----->
SECURITY ADVISORY - Status on CVE-2014-0160, aka "Heartbleed"
FedoraForum.org - Fedora Support Forums and Community
Results 1 to 2 of 2
  1. #1
    Join Date
    Mar 2011
    Location
    /
    Posts
    5,242
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    SECURITY ADVISORY - Status on CVE-2014-0160, aka "Heartbleed"

    Update immediately. See FPL's email below.

    Quote Originally Posted by Mailing List
    Greetings, Fedora community:

    We're aware of the recently disclosed CVE-2014-0160 (aka
    "Heartbleed"):

    https://bugzilla.redhat.com/show_bug.cgi?id=1085065 (openssl)
    https://bugzilla.redhat.com/show_bug.cgi?id=1085066 (mingw-openssl)

    The issue affects the currently supported Fedora 19 and Fedora 20
    releases. Updates for openssl packages are available now, and
    mirrors near you will receive them shortly. If you do not want to
    wait for your local mirror to get updates, you can retrieve and
    install packages directly:

    For Fedora 19 x86_64:
    yum -y install koji
    koji download-build --arch=x86_64 openssl-1.0.1e-37.fc19.1
    yum localinstall openssl-1.0.1e-37.fc19.1.x86_64.rpm

    For Fedora 20 x86_64:
    yum -y install koji
    koji download-build --arch=x86_64 openssl-1.0.1e-37.fc20.1
    yum localinstall openssl-1.0.1e-37.fc20.1.x86_64.rpm

    Substitute i686 for 32-bit systems, or armv7hl for ARM systems (F20
    only).

    Package updates for mingw-openssl will receive fixes shortly and
    we'll update the community when they are available. Note that
    Fedora 18, which is no longer supported by the Fedora community, is
    also affected by this issue. Fedora 17 and previous releases, also no
    longer supported, are not affected by this issue.

    Fedora Release Engineering is currently regenerating AMIs and
    qcow2/kvm images to include the fix.

    The Fedora Infrastructure team is working to assess any additional
    impact, and will update the community as we develop more information.

    Thanks for your patience as we work on this issue.

    ACKNOWLEDGMENTS: Special thanks to Dennis Gilmore for quickly providing
    package updates, and Major Hayden for providing the manual update
    guidance above.


    -Robyn Bergeron
    For reference, here is Debian Security Advisory also - http://www.debian.org/security/2014/dsa-2896

  2. #2
    Join Date
    Mar 2011
    Location
    /
    Posts
    5,242
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: SECURITY ADVISORY - Status on CVE-2014-0160, aka "Heartbleed"

    If there are issues following the instructions in the post/email above, please take a look at this thread - http://www.forums.fedoraforum.org/sh...d.php?t=298373

Similar Threads

  1. GdNewHat"Hatrack"2014 GNU/Linux-Libre Fedora remix+screenshots
    By Kordo in forum Fedora Spins & Remixes
    Replies: 0
    Last Post: 15th February 2014, 04:22 PM
  2. nginx security advisory (CVE-2013-4547)
    By mmix in forum Security and Privacy
    Replies: 0
    Last Post: 20th November 2013, 07:02 AM
  3. Replies: 2
    Last Post: 20th November 2009, 11:46 PM
  4. Remotely "convert" a i386 installation to x86_64 (aka Cruzin For A Bruzin)
    By DougWare in forum Alpha, Beta & Snapshots Discussions (Fedora 11 Only)
    Replies: 2
    Last Post: 12th May 2009, 07:48 PM
  5. up2date "View Advisory" button - useless?
    By Prion in forum Using Fedora
    Replies: 1
    Last Post: 27th November 2004, 12:34 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
[[template footer(Guest)]]