[olug] Heartbleed

Tom Fritz tfritz at me.com
Thu Apr 10 00:01:57 UTC 2014


> I will assume that the slow traffic on the mailing list tonight is
> because we are all busy checking our systems for the openssl heartbleed
> vulnerability.
> 
> If you aren't, you should be.
> 
> RHEL/CentOS folks, please see this note:
> https://bugzilla.redhat.com/show_bug.cgi?id=1084875#c9
> 
> Red Hat announcement:
> https://access.redhat.com/site/announcements/781953
> 
> Fedora Announcement:
> https://lists.fedoraproject.org/pipermail/announce/2014-April/003205.html

There appears to be some confusion about whether applying the fix is enough. If your server has been compromised, you need to regen/replace your certs after installing the fixed openssl. I have talked with some folks and they think updating the openssl is enough, and it may not be. You can’t detect if your system has been compromised. I also haven’t seen an IDS/IPS signature released. If someone knows otherwise, please share.

Tom.

