AstLinux users and developers, Today a serious security vulnerability in the popular encryption library OpenSSL was publicly announced.
The Heartbleed Bug http://heartbleed.com/ http://www.openssl.org/news/secadv_20140407.txt Fortunately, *no* official version of AstLinux is affected because AstLinux 1.1.4 and earlier used the OpenSSL 0.9.8 series which is not affected by the "heartbleed" bug. For you developers, since 2014-01-17, revision 6359 the SVN 1.0 branch was bumped to OpenSSL 1.0.1f which *is* affected by the "heartbleed" bug. Today, 2014-04-07, revision 6491 the SVN 1.0 branch was bumped to OpenSSL 1.0.1g which includes the fix and is not affected by the "heartbleed" bug. So if anyone built a custom version of AstLinux with a revision in the range of 6359-6490, immediately build and install a new custom version with a revision of 6491 or later. Additionally, the AstLinux Team had already tagged AstLinux version 1.1.5 before the "heartbleed" bug was announced, which is now deleted from our repository. To eliminate any possible confusion, AstLinux 1.1.6 will be the next official version and AstLinux 1.1.5 will not be released. AstLinux 1.1.6 is expected to be released in the near future. Keep in mind this "heartbleed" issue isn't limited to servers, it affects clients and desktop machines as well, perform your due diligence to eliminate any risk associated with this serious vulnerability. Keep it secure, The AstLinux Team ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
