[Cialug] CentOS SSL

Josh More jmore at starmind.org
Wed Apr 9 10:05:42 CDT 2014


Yep, the update for CentOS came out really early yesterday morning.

Remember, after you update, restart Apache (and OpenVPN if you're using
it).  Then regen your keys and have new certs issued.

There is growing evidence that people have been collecting data using this
bug, and this bug is two years old.  There's no way to be sure your data
was compromised, so you're best off just regenerating everything you need.

-Josh


On Wed, Apr 9, 2014 at 9:47 AM, Daniel Sloan <dan.sloan at drake.edu> wrote:

> Here's a nice reference: http://heartbleed.com/
>
> From the site:
> "What versions of the OpenSSL are affected?
>
> Status of different versions:
>
>     OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
>     OpenSSL 1.0.1g is NOT vulnerable
>     OpenSSL 1.0.0 branch is NOT vulnerable
>     OpenSSL 0.9.8 branch is NOT vulnerable
>
> Bug was introduced to OpenSSL in December 2011 and has been out in the
> wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g
> released on 7th of April 2014 fixes the bug.....
>
> How about operating systems?
>
> Some operating system distributions that have shipped with potentially
> vulnerable OpenSSL version:
>
>     Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
>     Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
>     CentOS 6.5, OpenSSL 1.0.1e-15
>     Fedora 18, OpenSSL 1.0.1e-4
>     OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
>     FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
>     NetBSD 5.0.2 (OpenSSL 1.0.1e)
>     OpenSUSE 12.2 (OpenSSL 1.0.1c)
>
> Operating system distribution with versions that are not vulnerable:
>
>     Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
>     SUSE Linux Enterprise Server
>     FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013
>     FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013
>     FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)"
>
> Dan Sloan
> Systems Administrator
> College of Business and Public Administration
> Drake University
> Des Moines, IA 50311
> Phone # (515)-271-3705
> College Webpage:  http://www.cbpa.drake.edu
>
>
>
>
> -----Original Message-----
> From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On
> Behalf Of L. V. Lammert
> Sent: Wednesday, April 09, 2014 9:19 AM
> To: Central Iowa Linux Users Group
> Subject: [Cialug] CentOS SSL
>
> Has anyone seen data on the Heartbleed status for CentOS? What versions
> are affected? Remediation?
>
>         Lee
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
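
The restart step in the reply above matters because a running process keeps the old OpenSSL library mapped until it is restarted, even after the package is updated. As an added example (not part of the thread), this shell function lists processes that still map a replaced libssl/libcrypto; the function names, the `proc_root` argument and the sample tree are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): after the OpenSSL package update,
# list processes that still have the replaced library mapped.
# The kernel marks a replaced file as "(deleted)" in /proc/<pid>/maps.
# The proc_root argument is an assumption of this example; it defaults to /proc.

stale_ssl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # Match libssl/libcrypto mappings whose backing file was replaced.
        if grep -Eq '/lib(ssl|crypto)[^/]*\.so[^/]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            name="unknown"
            [ -r "$pid_dir/comm" ] && name="$(cat "$pid_dir/comm" 2>/dev/null)"
            printf '%s %s\n' "${pid_dir##*/}" "$name"
        fi
    done
}

# Constructed sample tree standing in for /proc: 101 was started before the
# update (old library still mapped), 202 was restarted afterwards.
make_sample_proc() {
    root="$(mktemp -d)"
    mkdir -p "$root/101" "$root/202"
    echo httpd > "$root/101/comm"
    echo openvpn > "$root/202/comm"
    cat > "$root/101/maps" <<'EOF'
7f3a10000000-7f3a10060000 r-xp 00000000 fd:00 131 /usr/lib64/libssl.so.1.0.1e (deleted)
7f3a10260000-7f3a10420000 r-xp 00000000 fd:00 132 /usr/lib64/libcrypto.so.1.0.1e (deleted)
EOF
    cat > "$root/202/maps" <<'EOF'
7f9b20000000-7f9b20060000 r-xp 00000000 fd:00 977 /usr/lib64/libssl.so.1.0.1e
7f9b20260000-7f9b20420000 r-xp 00000000 fd:00 978 /usr/lib64/libcrypto.so.1.0.1e
EOF
    echo "$root"
}

sample="$(make_sample_proc)"
echo "Sample tree:"; stale_ssl_pids "$sample"
rm -rf "$sample"
# On a real host, run as root so every process is readable: stale_ssl_pids /proc
```

Any process the function lists is still running the pre-update library and needs a restart before new keys are generated.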

