news 28 Posted April 9, 2014 Hello again, Fedora community. This is an update on Fedora's response to CVE-2014-0160 (aka "Heartbleed"). This is a critical security vulnerability that requires your immediate attention. Updates are now available, and are being pushed to our mirror network. The update announcements for Fedora 19 and Fedora 20 are available at: Fedora 19: https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html Fedora 20: https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html Apply updates with sudo yum upgrade openssl openssl-libs or with your graphical package manager. After applying the update, please make sure to restart all services which use OpenSSL. You may find it easiest to simply restart your system. However, if you prefer, you may restart any affected services manually. You can get an overview of programs that need to be restarted by using the command line tool sudo needs-restarting (This is included in the `yum-utils` package.) Restart all listed programs until the output of needs-restarting is empty. The Fedora Cloud images linked at https://fedoraproject.org/en/get-fedora#cloud have been recreated with the updated packages preinstalled. Fixes have been applied to servers used in Fedora infrastructure and we are investigating any further remediation which may be necessary. Special thanks to Robert Mayr, Kévin Raymond, Dennis Gilmore, Matt Miller, Paul Frields, Major Hayden, Kurt Seifried, Kevin Fenzi, William Brown, Nick Bebout, Adam Williamson, Joachim Backes, Pádraig Brady, Lokesh Mandvekar, David Strauss, Joop Braak, Michael Cronenworth, Till Maas, Luke Macken, and others for effort in making these updates available quickly. - Robyn Bergeron -- Share this post Link to post
