-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJTSawvAAoJEEs3sNgP+7tezewQAJ4r0/NKZ75KSEf3B++wq6l9
AbKgpr8bG0NgCcJJP8h0CINQ7LYeaBUkHt4eQwHu6gzrXcggRFNcanmHtz1CaaeV
tP2P05PKK5MFOI0x2/x+mMCo/MLClJh0N6UBZoDxUR+nj8hEfo8LxAt+rNgdzGRO
l2HLU54GV8/PiJEajW4hr0dS/ky14+tei2Vhtb5pJCDKXH06UlYJbg/m6qJPhA9b
oB9/aZA0AA8KesO30HStErADeZy7XWWpZ81U0NrKYYaUxYQkQXd//+wmKiuCQJPg
c1l556IQKKj2dRRgiJi7XYov5M24vQbxJJFmJrtcHGpnDnZC8przcZerv1pOHqBs
aTVukJNLUNGnLvhMYQJlAyd7rJJ50Hd0WUy91tmdkCZ6hpmF8Ey/UwklwGK+zTH2
s6LPI0I3ayYagf6JqbmKni+O7UXU8LOSJp5BPqHvoMfKmcyM6MOo+SuTqmsxpYlO
Pn90Cr5ZmSKDmSaujgmoCivUgJ1a8ti+dJUvLVIknvqhp+wwtB5Cbj49yT98/6ha
y0mG0CtkvmTXNGIzplJ2XlbY76FS5cbXVCq2CfCLGTiWJPtkks1QoGBRdM5liIqe
Ck9LPJeCqKWMRB9mO+m46SJYEhFaKBFIbqEd4loCZN4MOnJ3PfQKLBqPtbBgppXN
Wicvro74jRcbA7nht5j6
=SCgn
-----END PGP SIGNATURE-----
Greetings.
I want to pass along some additional information about this
vulnerability and how it affects Fedora Infrastructure.
Shortly after sending the announcement, it was confirmed that private
keys from SSL certs CAN be acquired by this vulnerability. Accordingly,
we WILL be reissuing all our SSL certificates. We have started this
process today, and will send another email when all of them are
reissued.
If you have not yet changed your Fedora Account system password you may
wish to wait until we have finished replacing all SSL certificates.
Additionally, it was pointed out that Firefox does now use OCSP (Online
Certificate Status Protocol) by default. It should note revoked
certificates as long as it's able to reach the OSCP provider for that
Certificate Authority (if it cannot, it will assume the certificate is
valid).
Thanks for your patience as we work to keep Fedora resources secure.
kevin
No comments:
Post a Comment