Action required: Password reset on all Gentoo services
Posted on April 13, 2014 by Alex Legler

Recent versions of OpenSSL were found to be affected by an information disclosure vulnerability in the handling of TLS heartbeats, nicknamed Heartbleed. It allows attackers to read up to 64 KB of random server memory, possibly including passwords, session IDs or even private keys.

After the public disclosure on April 7, we confirmed that several services provided by Gentoo Infrastructure were vulnerable as well. We immediately updated the affected software, recreated private keys, reissued certificates, and invalidated all running user sessions. Despite these measures, we cannot exclude the possibility that attackers exploited the issue during the time it was not publicly known to gain access to credentials or session IDs of our users. There are currently no indications that this has happened.

However, to be safe, we are asking you to reset the passwords you use for Gentoo services within the next 7 days. You need to take action if you have an account on one of the following sites:

  • blogs.gentoo.org
  • bugs.gentoo.org
  • forums.gentoo.org
  • wiki.gentoo.org

After 7 days, we will be removing all passwords to avoid abuse. For more information and the full announcement, visit http://infra-status.gentoo.org/notice/20140413-heartbleed.




Page updated April 13, 2014

Copyright 2001-2014 Gentoo Foundation, Inc.