Re: [Nolug] SSL bug

From: Brad Bendily <>
Date: Tue, 8 Apr 2014 11:01:32 -0500
Message-ID: <>

Red Hat has released a fix for their OS:

On Tue, Apr 8, 2014 at 10:52 AM, Joey Kelly <> wrote:
> Guys,
> The guy that wrote the above needs to work on his english a little, but
> what's described is bad. Very bad. If either end of an ssh or SSL
> connection (this includes VPNs, IPsec, Puppet, secure websites, and
> other stuff) runs vulnerable code (the site lists the versions in
> question), your stuff can be owned. Log into your bank? An attacker can
> follow right after you and steal all your money --- that bad.
> If you run Debian 7 or CentOS 6, you are vulnerable. Versions prior are
> safe (I have no idea which versions of Ubuntu are based on which
> versions of Debian, so if you run that, find out ASAP).
> Change all your SSL certs. Regenerate your ssh keys. Once that's done,
> change any password (ssh, web login, you name it) that was used on a
> vulnerable server. There is no telling if the bad guys knew about this
> before the bugs were found, and no way of knowing if your stuff was
> accessed or not.
> This is a Big Deal.
> --
> Joey Kelly
> Minister of the Gospel and Linux Consultant
> 504-239-6550
> ___________________
> Nolug mailing list

Have Mercy & Say Yeah
Nolug mailing list
Received on 04/08/14

This archive was generated by hypermail 2.2.0 : 04/08/14 EDT