[olug] Heartbleed
    Tom Fritz 
    tfritz at me.com
       
    Thu Apr 10 00:01:57 UTC 2014
    
    
  
> I will assume that the slow traffic on the mailing list tonight is
> because we are all busy checking our systems for the openssl heartbleed
> vulnerability.
> 
> If you aren't, you should be.
> 
> RHEL/CentOS folks, please see this note:
> https://bugzilla.redhat.com/show_bug.cgi?id=1084875#c9
> 
> Red Hat announcement:
> https://access.redhat.com/site/announcements/781953
> 
> Fedora Announcement:
> https://lists.fedoraproject.org/pipermail/announce/2014-April/003205.html

There appears to be some confusion about whether applying the fix is enough. If your server has been compromised, you need to regen/replace your certs after installing the fixed openssl. I have talked with some folks and they think updating the openssl is enough, and it may not be. You can’t detect if your system has been compromised. I also haven’t seen an IDS/IPS signature released. If someone knows otherwise, please share.

Tom.
    
    