Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Robyn Bergeron <rbergero <at> redhat.com>
Subject: Re: Status on CVE-2014-0160, aka "Heartbleed"
Newsgroups: gmane.linux.redhat.fedora.core.announce
Date: Tuesday 8th April 2014 03:22:22 UTC (over 2 years ago)
----- Original Message -----
> From: "Robyn Bergeron" 
> To: [email protected]
> Sent: Monday, April 7, 2014 8:01:24 PM
> Subject: Status on CVE-2014-0160, aka "Heartbleed"
> 
> Greetings, Fedora community:
> 
> We're aware of the recently disclosed CVE-2014-0160 (aka
> "Heartbleed"):
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1085065
(openssl)
> https://bugzilla.redhat.com/show_bug.cgi?id=1085066
(mingw-openssl)
> 
> The issue affects the currently supported Fedora 19 and Fedora 20
> releases. Updates for openssl packages are available now, and
> mirrors near you will receive them shortly. If you do not want to
> wait for your local mirror to get updates, you can retrieve and
> install packages directly:
> 
> For Fedora 19 x86_64:
>   yum -y install koji
>   koji download-build --arch=x86_64 openssl-1.0.1e-37.fc19.1
>   yum localinstall openssl-1.0.1e-37.fc19.1.x86_64.rpm
> 
> For Fedora 20 x86_64:
>   yum -y install koji
>   koji download-build --arch=x86_64 openssl-1.0.1e-37.fc20.1
>   yum localinstall openssl-1.0.1e-37.fc20.1.x86_64.rpm
> 
> Substitute i686 for 32-bit systems, or armv7hl for ARM systems (F20
> only).
> 

Additionally, if you would like signed packages, you can retrieve and
install those signed packages directly as well:

For Fedora 19 x86_64:
  yum -y install koji
  koji download-build --key=fb4b18e6 --arch=x86_64 openssl-1.0.1e-37.fc19.1
  yum localinstall openssl-1.0.1e-37.fc19.1.x86_64.rpm

For Fedora 20 x86_64:
  yum -y install koji
  koji download-build --key=246110c1 --arch=x86_64 openssl-1.0.1e-37.fc20.1
  yum localinstall openssl-1.0.1e-37.fc20.1.x86_64.rpm


> Package updates for mingw-openssl will receive fixes shortly and
> we'll update the community when they are available. Note that
> Fedora 18, which is no longer supported by the Fedora community, is
> also affected by this issue. Fedora 17 and previous releases, also no
> longer supported, are not affected by this issue.
> 
> Fedora Release Engineering is currently regenerating AMIs and
> qcow2/kvm images to include the fix.
> 
> The Fedora Infrastructure team is working to assess any additional
> impact, and will update the community as we develop more information.
> 
> Thanks for your patience as we work on this issue.
> 
> ACKNOWLEDGMENTS: Special thanks to Dennis Gilmore for quickly providing
> package updates, and Major Hayden for providing the manual update
> guidance above.
> 
> 
> -Robyn Bergeron
> 
-- 
announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/announce
 
CD: 4ms