Mageia forum

Is Mageia also vulnerable to this? Is there anything a normal user can do to mitigate this in security settings?

http://arstechnica.com/security/2014/03 ... sdropping/

??

zxr250cc

Seems either you're not doing updates or you don't read news - you'd be vulnerable to this for over a month.

It's fixed since over a month: https://advisories.mageia.org/MGASA-2014-0117.html
We were even featured in a related press article a few days after that: http://www.pcworld.com/article/2105145/ ... x-bug.html

I updated tls in my computers as soon as I read the article. I guess I am a month late on this. Where is a reliable place to look for such security news going forward? I use slashdot and other sites for news. Anything more up to date on a daily basis?

I do updates daily on my computers. I had to manually choose the tls update though.

thanks for the reply.

zxr250cc wrote:Where is a reliable place to look for such security news going forward? I use slashdot and other sites for news. Anything more up to date on a daily basis?

Not sure what english sites to recommend. I don't look on a daily basis. Maybe http://arstechnica.com/security/ or something like that?
Actually the only one that I read regularly was http://nakedsecurity.sophos.com/

I don't check daily either, but I read LWN and there are daily workday security fixes posted there for the main distros, Mageia included.

FWIW, unrelated but for the recent openssl vulnerability, everybody should read up on http://heartbleed.com/