[packman] PMBS vulnerable to Heartbleed

Dmitriy Perlow dap at open.by
Mon Apr 14 16:57:32 CEST 2014


Stefan Botter <jsj at jsj.dyndns.org>  Mon, 14 Apr 2014 16:54:15 +0300:

> On Mon, 14 Apr 2014 07:45:59 -0500
> Malcolm <malcolmlewis at cableone.net> wrote:
>
>> Hi
>> I'm assuming it's just the certificate?
>>
>> Via https://addons.mozilla.org/en-US/firefox/addon/heartbleed-checker/
>>
>> http://paste.opensuse.org/414fd0fe
>>
>> And then;
>>
>> https://www.ssllabs.com/ssltest/analyze.html?d=pmbs.links2linux.de
>>
>
> Yes, I know.
> PMBS runs openSUSE 12.2, and there are no security updates anymore.
> I am testing the update to 13.1 and OBS 2.5.1 right now on a different
> machine, but so far no smooth update seams to be possible.
>
> I asked Marc for a new certificate already, but without an updates
> openssl lib this is not urgent.
>
> We most probably should change the passwords anyway, along with the
> email addresses, so that OBS' internal notification system is able to
> send the messages. I will send an announcement, once the update is
> done. I do not know when I can do the update, but it is high on my
> priority-B ToDo list.
>
> Greetings,
>
> Stefan

You could backport openssl packages.

-- 
Best regards,
Dmitriy DA(P).DarkneSS Perlow @ Linux x64




More information about the Packman mailing list