[Labs-l] Recent SSL vulnerability impact
Frank Sainsbury
fsainsbu at gmail.com
Wed Apr 9 07:13:08 UTC 2014
Hi Marc
> (To be clear, this does not affect SSH key material in any way).
I am unsure what that means. The SSH keys I use to log in with?
Working for ITSOIL Pty Ltd
At the University of Tasmania
Model maker at Military Museum of Tasmania
> On 9 Apr 2014, at 2:15 am, "Marc A. Pelletier" <marc at uberbox.org> wrote:
>
> Hello everyone,
>
> Please be aware that the recently disclosed vulnerability in OpenSSL (CVE-2014-0160)[1] affected the Ubuntu Precise distribution of that library (which is in use in Labs). This vulnerability potentially exposes server process memory in a way that may allow an attacker to recover the private key during SSL negotiation.
>
> We have forcibly upgraded that library on all instances (as well as the WMF infrastructure) and will replace any potentially exposed SSL key material; but please note that if you use SSL within your project, you should consider all keys to be compromised, generate new keys and issue new certificates.
>
> (To be clear, this does not affect SSH key material in any way).
>
> — Marc
>
> [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
> _______________________________________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/labs-l