----- Original Message -----
From: "Robyn Bergeron" <rbergero(a)redhat.com>
To: announce(a)lists.fedoraproject.org
Sent: Monday, April 7, 2014 8:01:24 PM
Subject: Status on CVE-2014-0160, aka "Heartbleed"
Greetings, Fedora community:
We're aware of the recently disclosed CVE-2014-0160 (aka
"Heartbleed"):
https://bugzilla.redhat.com/show_bug.cgi?id=1085065 (openssl)
https://bugzilla.redhat.com/show_bug.cgi?id=1085066 (mingw-openssl)
The issue affects the currently supported Fedora 19 and Fedora 20
releases. Updates for openssl packages are available now, and
mirrors near you will receive them shortly. If you do not want to
wait for your local mirror to get updates, you can retrieve and
install packages directly:
For Fedora 19 x86_64:
yum -y install koji
koji download-build --arch=x86_64 openssl-1.0.1e-37.fc19.1
yum localinstall openssl-1.0.1e-37.fc19.1.x86_64.rpm
For Fedora 20 x86_64:
yum -y install koji
koji download-build --arch=x86_64 openssl-1.0.1e-37.fc20.1
yum localinstall openssl-1.0.1e-37.fc20.1.x86_64.rpm
Substitute i686 for 32-bit systems, or armv7hl for ARM systems (F20
only).
Additionally, if you would like signed packages, you can retrieve and install those signed
packages directly as well:
For Fedora 19 x86_64:
yum -y install koji
koji download-build --key=fb4b18e6 --arch=x86_64 openssl-1.0.1e-37.fc19.1
yum localinstall openssl-1.0.1e-37.fc19.1.x86_64.rpm
For Fedora 20 x86_64:
yum -y install koji
koji download-build --key=246110c1 --arch=x86_64 openssl-1.0.1e-37.fc20.1
yum localinstall openssl-1.0.1e-37.fc20.1.x86_64.rpm
Package updates for mingw-openssl will receive fixes shortly and
we'll update the community when they are available. Note that
Fedora 18, which is no longer supported by the Fedora community, is
also affected by this issue. Fedora 17 and previous releases, also no
longer supported, are not affected by this issue.
Fedora Release Engineering is currently regenerating AMIs and
qcow2/kvm images to include the fix.
The Fedora Infrastructure team is working to assess any additional
impact, and will update the community as we develop more information.
Thanks for your patience as we work on this issue.
ACKNOWLEDGMENTS: Special thanks to Dennis Gilmore for quickly providing
package updates, and Major Hayden for providing the manual update
guidance above.
-Robyn Bergeron