Assuming you are running a server serving encrypted data via openSSL:
meaning e.g. apache, openvpn, sshd, postfix (and exim et al), dovecot etc.
Not sshd from what I understand. And apache, only if you have https setup, right? I've forgotten where security certificates live with ssh. Public key on the server and private on my personal workstation, right? I have a email server running on one box. Can the vulnerability have been used to get the sshd private keys? I'm thinking the private ssh keys would have never been in the memory space of the email server, so they are safe? On the other hand, the pop/imap passwords could have been gotten and for users that have a re-used password they could have been used it to ssh straight into the box for any users not using a security certificate to authenticate. In that case all docs/data available to the user was potentially breached. Greg -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org