<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Hi Mark</div><div><blockquote type="cite">(To be clear, this does not affect SSH key material in any way).</blockquote><br>I am unsure what that means, the ssh keys I use to login with?</div><div><br></div><div>Working for ITSOIL Pty Ltd<div>At the University of Tasmania</div><div>Model maker at Military Museum of Tasmania</div></div><div><br>On 9 Apr 2014, at 2:15 am, "Marc A. Pelletier" <<a href="mailto:marc@uberbox.org">marc@uberbox.org</a>> wrote:<br><br></div><blockquote type="cite"><div><meta http-equiv="Content-Type" content="text/html charset=windows-1252">Hello everyone,<div><br></div><div>Please be aware that the recently disclosed vulnerability in openssl (CVE-2014-0160)[1] affected the Ubuntu Precise distribution of that library (which is in use in Labs). This vulnerability potentially exposes server process memory in a way that may allow an attacker to recover the private key during SSL negotiation.</div><div><br></div><div>We have forcibly upgraded that library on all instances (as well as the WMF infrastructure) and will replace any potentially exposed SSL key material; but please note that if you use SSL within your project, you should consider all keys to be compromised, generate new keys and issue new certificates.</div><div><br></div><div>(To be clear, this does not affect SSH key material in any way).</div><div><br></div><div>— Marc</div><div><br></div><div>[1] <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160</a></div></div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Labs-l mailing list</span><br><span><a href="mailto:Labs-l@lists.wikimedia.org">Labs-l@lists.wikimedia.org</a></span><br><span><a href="https://lists.wikimedia.org/mailman/listinfo/labs-l">https://lists.wikimedia.org/mailman/listinfo/labs-l</a></span><br></div></blockquote></body></html>