OpenSSL's Heartbleed security bug status report


as you might know about a severe security vulnerability was found on 
the OpenSSL package earlier. [1] (CVE-2014-0160)

The GNOME Sysadmin Team acted on it and applied the relevant security 
update on every single machine hosted. Additionally all the previous 
SSL certificates were revoked and replaced by a new set of 

If you are running any SSL-related plugin on your 
browser you'll surely be warned the SSL certificates for the following 
domains have changed during the past 24 hours:

1. *
2. *
3. *

That said I would still suggest everyone to update their passwords 
(on any of the hosted services used before today) in case the private
keys were compromised and the user password was sent and captured by 
the attacker using the Heartbleed bug. Sessions on the hosted 
services have also been cleared.

Have an awesome day everyone and please mail <support AT gnome DOT 
org> in case of problems.




Debian Developer,
Fedora / EPEL packager,
GNOME Sysadmin Team Coordinator,
GNOME Foundation Membership & Elections Committee Chairman


Attachment: signature.asc
Description: Digital signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]