The Security Wranglers of Fedora

The deluge of software vulnerabilities creates challenges for system administrators, developers, and users. Although many vulnerabilities are corner cases that are often difficult to exploit and have limited effects, there are the occasional vulnerabilities that become front page news. Many…

F22 Beta, feedback for Fedora Workstation, security challenge, better Spins website, and PyCon report

Fedora is a big project, and it’s hard to keep up with everything. This series highlights interesting happenings in five different areas every week. It isn’t comprehensive news coverage — just quick summaries with links to each. Here are the…

Worried about GHOST? Don’t be, on supported Fedora versions.

There’s a quite serious security vulnerability making the news today (ZDNet, Ars Technica), CVE-2015-0235, nicknamed “GHOST”. It happens that this flaw was fixed in glibc-2.18 (but quietly, and the full implications don’t seem to have been widely noticed). That means…

More CVE-2014-3566 information on Red Hat’s Security Blog

I mentioned earlier that I’d update on this, and here we go. Our friends over in the Red Hat security team have posted POODLE – An SSL 3.0 Vulnerability (CVE-2014-3566), an article explaining the vulnerability in (not terribly technical) depth…

What you need to know about the SSLv3 “POODLE” flaw (CVE-2014-3566)

Good morning everyone! Another security vulnerability is hitting the tech (and mainstream!) press, and we want to make sure Fedora users get straight, simple information. This one is CVE-2014-3566, and the cute nickname of the day is “POODLE”. Here’s the basics:…

Shellshock: How does it actually work?

By now, you’ve probably seen this magic incantation, or variations, sent all around as a quick test for vulnerability to CVE-2014-6271, known as “Shellshock”, because in this post-Heartbleed world, apparently all security flaws will have cute over-dramatic names. env x='()…

Shellshock update: bash packages that resolve CVE-2014-6271 and CVE-2014-7169 available

UPDATE: The updated packages are now available in the official Fedora repositories. View this post for up-to-date details on how to install on your Fedora system. Updated packages that resolve CVE-2014-6271 and CVE-2014-7169 (collectively known as “Shellshock”) have now been…

Previous fix for Shellshock Bash vulnerability incomplete — updated Fedora packages soon

UPDATE: Packages that resolve both “shell shock” CVEs are now available. It turns out that the fix for the previously reported Bash flaw CVE-2014-6271 (sometimes referred to as “shellshock”) was incomplete, and a new CVE (CVE-2014-7169) has been issued to…

Flock (You’re Not Too Late!), Unsigned Packages in F21, Security, Marketing, and Notifications (5tFTW 2014-07-29)

Fedora is a big project, and it’s hard to follow it all. This series highlights interesting happenings in five different areas every week. It isn’t comprehensive news coverage — just quick summaries with links to each. Here are the five…

OpenSSL Security Update now available for Fedora

Updated Fedora 19 and Fedora 20 packages for OpenSSL that address several issues (including CVE-2014-0224) are now available in Fedora. The Fedora Packages that contain the fixes for these issues are: openssl-1.0.1e-38.fc19 (Fedora 19) openssl-1.0.1e-38.fc20 (Fedora 20) From the Red…

Update on CVE-2014-0160, aka “Heartbleed”

Reposting official announcement on behalf of Robyn Bergeron: Hello again, Fedora community. This is an update on Fedora’s response to CVE-2014-0160 (aka “Heartbleed”). This is a critical security vulnerability that requires your immediate attention. Updates are now available, and are…

Five Things in Fedora This Week (2014-04-08)

Heartbleed and Fedora, Flock proposal voting, Gnome 3.12, Fedora.next website refresh, and Fedora at Red Hat Summit….
