On 15/04/14 13:56 , TarotApprentice wrote: > Apart from all the hype I presume BOINC will need to come bundled > with a patched OpenSSL and the projects need to update to a later > version incorporating a patched OpenSSL. Any advice from the BOINC > developers?
Charlie already updated OpenSSL bundled with the OSX client. Updates for the Windows and Linux clients should hopefully be in the pipeline (if affected). Projects need to check which OpenSSL version is installed on their servers. Many, like Einstein@Home, should still be running 0.98 which isn't affected. If you run any of the affected versions, update/upgrade to 1.0.1g or equivalent (Debian for instance ships a patched version of 1.0.1f for wheezy). If you used an affected version you should get a new SSL certificate (key) as you should consider it as being compromised. Unfortunately, that means all previous encrypted data transfers should also be considered compromised which in turn means your volunteers should be notified to change their passwords, obviously after you renewed your certificate keys. HTH, Oliver
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ boinc_dev mailing list [email protected] http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
