Thanks a lot, Becky, for those links. The beauty of Linux these days (at
least Ubuntu) is that operations like this can be as easy as pie. Some
things, of course, are still darn difficult, but many others are not.
Roy
On Tue, Apr 8, 2014 at 7:12 AM, Becky Yoose <[log in to unmask]> wrote:
> Thanks for forwarding this along, Cary. I've been patching this morning,
> and am now in the process of determine needs for new certs. (sigh...)
>
> If you need some guidance in patching your server, here are a couple of
> links to start y'all out:
>
> Ubuntu-related patch info - https://gist.github.com/coderanger/10084033 ;
>
> http://askubuntu.com/questions/444702/how-to-patch-cve-2014-0160-in-openssl/444829#444829
>
> https://serverfault.com/questions/587329/heartbleed-what-is-it-and-what-are-options-to-mitigate-it
>
> https://security.stackexchange.com/questions/55075/does-heartbleed-mean-new-certificates-for-every-ssl-server/55087
>
> https://unix.stackexchange.com/questions/123711/how-do-i-recover-from-the-heartbleed-bug-in-openssl
>
> Thanks,
> Becky, who already broke into her chocolate stash before 8:45 in the
> morning.
>
>
>
> On Tue, Apr 8, 2014 at 9:06 AM, Cary Gordon <[log in to unmask]> wrote:
>
> > Please read this page and its supporting documents about the Heartbleed
> > Bug.
> >
> > http://heartbleed.com/
> >
> > If you use OpenSSL, and most service providers do, you should patch your
> > servers ASAP. OpenSSL versions 1.0.1 through 1.0.1f (inclusive) are
> > vulnerable. Only version 1.0.1g or newer should be used.
> >
> > Apologies for multiple postings.
> >
> > Thanks,
> >
> > Cary
> >
> > Cary Gordon
> > The Cherry Hill Company
> > Los Angeles, CA
> >
>
|