PDA

View Full Version : SECURITY ADVISORY - Status on CVE-2014-0160, aka "Heartbleed"



nonamedotc
8th April 2014, 04:30 AM
Update immediately. See FPL's email below.



Greetings, Fedora community:

We're aware of the recently disclosed CVE-2014-0160 (aka
"Heartbleed"):

https://bugzilla.redhat.com/show_bug.cgi?id=1085065 (openssl)
https://bugzilla.redhat.com/show_bug.cgi?id=1085066 (mingw-openssl)

The issue affects the currently supported Fedora 19 and Fedora 20
releases. Updates for openssl packages are available now, and
mirrors near you will receive them shortly. If you do not want to
wait for your local mirror to get updates, you can retrieve and
install packages directly:

For Fedora 19 x86_64:
yum -y install koji
koji download-build --arch=x86_64 openssl-1.0.1e-37.fc19.1
yum localinstall openssl-1.0.1e-37.fc19.1.x86_64.rpm

For Fedora 20 x86_64:
yum -y install koji
koji download-build --arch=x86_64 openssl-1.0.1e-37.fc20.1
yum localinstall openssl-1.0.1e-37.fc20.1.x86_64.rpm

Substitute i686 for 32-bit systems, or armv7hl for ARM systems (F20
only).

Package updates for mingw-openssl will receive fixes shortly and
we'll update the community when they are available. Note that
Fedora 18, which is no longer supported by the Fedora community, is
also affected by this issue. Fedora 17 and previous releases, also no
longer supported, are not affected by this issue.

Fedora Release Engineering is currently regenerating AMIs and
qcow2/kvm images to include the fix.

The Fedora Infrastructure team is working to assess any additional
impact, and will update the community as we develop more information.

Thanks for your patience as we work on this issue.

ACKNOWLEDGMENTS: Special thanks to Dennis Gilmore for quickly providing
package updates, and Major Hayden for providing the manual update
guidance above.


-Robyn Bergeron


For reference, here is Debian Security Advisory also - http://www.debian.org/security/2014/dsa-2896

nonamedotc
8th April 2014, 12:13 PM
If there are issues following the instructions in the post/email above, please take a look at this thread - http://www.forums.fedoraforum.org/showthread.php?t=298373