'Urro,
Per the other comments, it is serious if you're administrating public
facing kit using things that rely on the openssl/ssh/tls. Not a big deal
for most end users.
Debian had patches out as of sometime today, a couple of boxes I updated
first thing got new versions of openssl / open ssh..
Just updating some wheezy cloud servers and got:
libssl1.0.0 1.0.1e-2+deb7u5
openssh-server 1:6.0p1-4+deb7u1
openssh-client 1:6.0p1-4+deb7u1
openssl 1.0.1e-2+deb7u5
Speaking with my admin hat on it's a pain in the butt. I'm going to
weigh up the cost/risk/benefit of getting up to 40 certificates
re-issued. I've already re-generated server side and private SSH keys
for all the stuff we use for password-less logins as that step is easy,
but some certs are a major pain to get re-issued.
Wearing my security paranoia hat this type of issue is why I use knockd
and/or pinhole access for SSH whenever possible.
Cheers, Chris H.
On 08/04/14 18:48, chris wrote:
Hi All
This arrived in my mail box a few moments ago.
Http://heartbleed.com/
Question
Is this a hoax?
If not, how serious is it?
Regards Chris Waipara
_______________________________________________
Linux-users mailing list
[email protected]
http://lists.canterbury.ac.nz/mailman/listinfo/linux-users