Patches have been released overnight for:

CentOS 6.x:
http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html

RHEL 6.x:
https://access.redhat.com/security/cve/CVE-2014-0160
https://rhn.redhat.com/errata/RHSA-2014-0376.html

Debian 7/Wheezy, 6/Squeeze via the security repo (make sure you have http://security.debian.org/ enabled):
https://security-tracker.debian.org/tracker/CVE-2014-0160

Ubuntu 12.04, 12.10, 13.04:
http://www.ubuntu.com/usn/usn-2165-1/

apt-get update / yum upgrade should do it.

Patch, patch, patch your servers, gently down the tubes... merrily, merrily, 
merrily, merrily, re-issue your certs.

Jill



On 2014-04-07 20:56, der.hans wrote:

> 
> Based on the following page:
> 
> OpenSSL heartbeat is enabled even if you're not using it unless you
> disabled it at compile time.
> 
> The vulnerability has been in place for two years (version 1.0.1 up until
> 1.0.1g that was just released).
> 
> It can be exploited to reveal your private key without leaving a trace.
> 
> IDS can probably be configured to detect the attack.
> 
> http://heartbleed.com/
> 
> ciao,
> 
> 
> 
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
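
As an added example (not part of either message above, nor any project's own code), this shell function classifies the text printed by `openssl version -a` against the range quoted in the thread (1.0.1 up until 1.0.1g) and the compile-time heartbeat switch. The function name, the result labels and the sample outputs are constructed here; `-DOPENSSL_NO_HEARTBEATS` is the OpenSSL build flag that disables the extension.

```shell
#!/bin/sh
# Added example: function name, labels and samples are constructed for illustration.

# Classify `openssl version -a` output (passed as one string) against the
# upstream range quoted in the thread: 1.0.1 up until 1.0.1g.
classify_openssl() {
    info=$1
    # First line looks like "OpenSSL 1.0.1e 11 Feb 2013"; some builds append "-fips".
    ver=$(printf '%s\n' "$info" | sed -n '1s/^OpenSSL \([^ ]*\).*/\1/p')
    ver=${ver%%-*}                      # drop a suffix such as -fips
    # Heartbeat compiled out: the extension is absent whatever the version says.
    case $info in
        *-DOPENSSL_NO_HEARTBEATS*) echo "heartbeat-disabled"; return 0 ;;
    esac
    case $ver in
        '')               echo "unknown" ;;         # could not parse a version
        1.0.1|1.0.1[a-f]) echo "affected-range" ;;  # 1.0.1 through 1.0.1f
        1.0.1[g-z])       echo "fixed-upstream" ;;  # 1.0.1g or later 1.0.1 letter release
        *)                echo "outside-range" ;;   # not in the range the thread gives
    esac
}

# Constructed samples shaped like `openssl version -a` output.
SAMPLE_DISTRO='OpenSSL 1.0.1e-fips 11 Feb 2013
built on: (constructed sample)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS'
SAMPLE_NO_HB='OpenSSL 1.0.1e 11 Feb 2013
compiler: gcc -fPIC -DOPENSSL_NO_HEARTBEATS'
SAMPLE_FIXED='OpenSSL 1.0.1g 7 Apr 2014'

for s in "$SAMPLE_DISTRO" "$SAMPLE_NO_HB" "$SAMPLE_FIXED"; do
    printf '%s -> %s\n' "$(printf '%s\n' "$s" | head -n 1)" "$(classify_openssl "$s")"
done
```

On a host, call `classify_openssl "$(openssl version -a)"`. Distribution packages commonly backport fixes without changing the upstream version string, so `affected-range` means checking the installed package against the advisories linked above rather than concluding the host is unpatched.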