Hello everyone,

Please be aware that the recently disclosed vulnerability in openssl
(CVE-2014-0160)[1] affected the Ubuntu Precise distribution of that library
(which is in use in Labs). This vulnerability potentially exposes server
process memory in a way that may allow an attacker to recover the private key
during SSL negotiation.

We have forcibly upgraded that library on all instances (as well as the WMF
infrastructure) and will replace any potentially exposed SSL key material; but
please note that if you use SSL within your project, you should consider all
keys to be compromised, generate new keys and issue new certificates.

(To be clear, this does not affect SSH key material in any way).

— Marc

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160