perfsonar-announce - Re: [perfSONAR-developer] [CentOS-announce] CESA-2014:0376 Important CentOS 6 openssl Update
Subject: perfSONAR Announcements
List archive
Re: [perfSONAR-developer] [CentOS-announce] CESA-2014:0376 Important CentOS 6 openssl Update
Chronological Thread
- From: Andrew Lake <>
- To: "" <>, perfsonar-announce <>
- Cc: "" <>
- Subject: Re: [perfSONAR-developer] [CentOS-announce] CESA-2014:0376 Important CentOS 6 openssl Update
- Date: Thu, 10 Apr 2014 15:12:23 -0400
Greetings;
New LiveCD and LiveUSB images are now available containing the latest openssl
packages at the link below:
http://software.internet2.edu/pS-Performance_Toolkit/
This is required since LiveCD/USB users cannot update packages and have them
survive a reboot due to the nature of the live media. It is advised all
LiveCD and LiveUSB users upgrade to the latest version at this time. If you
are a NetInstall user, see Jason's previous note for steps on how to update
your host. As always, please let us know if you have any questions
Thanks,
Andy
On Apr 8, 2014, at 12:35 PM, Jason Zurawski
<>
wrote:
> Greetings;
>
> Please see below for an important security alert related to a package on
> CentOS version 6.5 (the operating system that underpins the pS Performance
> Toolkit versions 3.3.x). This issue is described in more detail at the
> following site:
>
> http://heartbleed.com/
>
> The perfSONAR project is recommending that all users run 'yum update' to
> pull down these packages immediately.
>
> Our read of the CVE and affiliated documentation does indicate there is a
> potential for compromise of private key material that may impact the host,
> or users of the system. For those that have concerns about this, the
> project is recommending that users regenerate the host certificate. If you
> are using the provided 'self signed' certificate, you can follow these
> instructions to regenerate new credentials:
>
>> # build a new key
>> /usr/bin/openssl genrsa > /etc/pki/tls/private/localhost.key
>>
>> # create a new self-signed cert
>> cd /etc/pki/tls/certs
>> make testcert
>>
>> # restart apache
>> sudo /etc/init.d/httpd restart
>
>
> If you have installed a customized certificate, refer to instructions
> specific to that process. Please send along any questions to the
> developers list
> ()
> if you have them.
>
> Thanks;
>
> -jason
>
> Begin forwarded message:
>
>> From: Karanbir Singh
>> <>
>> Subject: [CentOS-announce] CESA-2014:0376 Important CentOS 6 openssl Update
>> Date: April 7, 2014 7:54:58 PM PDT
>> To:
>>
>> Reply-To:
>>
>>
>>
>> CentOS Errata and Security Advisory 2014:0376 Important
>>
>> Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0376.html
>>
>> The following updated files have been uploaded and are currently
>> syncing to the mirrors: ( sha256sum Filename )
>>
>> i386:
>> 6ceff4bad2608484b9b9ab74b8e9047b593b6b7a6ca5ba3cc16db7d8b447f1d8
>> openssl-1.0.1e-16.el6_5.7.i686.rpm
>> ef6c735885f24ca8618357b880e8cdc6fcb7c6895d99f740169684a3a6f0b8ba
>> openssl-devel-1.0.1e-16.el6_5.7.i686.rpm
>> 5724d24708d8b62ee48585ea530d379c258a9dd537ce3d350a61af4489c11ea5
>> openssl-perl-1.0.1e-16.el6_5.7.i686.rpm
>> 601108f27b4716355d972d70e8711b6ff53f4375962b3d6e81321736c6709b90
>> openssl-static-1.0.1e-16.el6_5.7.i686.rpm
>>
>> x86_64:
>> 6ceff4bad2608484b9b9ab74b8e9047b593b6b7a6ca5ba3cc16db7d8b447f1d8
>> openssl-1.0.1e-16.el6_5.7.i686.rpm
>> 42cdc321aa3d46889c395c5d6dc11961ed86be5f4d98af0d6399d6c4e1233712
>> openssl-1.0.1e-16.el6_5.7.x86_64.rpm
>> ef6c735885f24ca8618357b880e8cdc6fcb7c6895d99f740169684a3a6f0b8ba
>> openssl-devel-1.0.1e-16.el6_5.7.i686.rpm
>> 3328f32f211b2e136c25ec8538c768049f288f0b410932b31880fa4b4de8e73b
>> openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm
>> 89cdbaed00f8348a6a6d567c6c1eb8aba9f94578653be475e826e24c51f10594
>> openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm
>> 9222db08c5cbf4fded04fd7d060f5b91ed396665e2baa4c899fc2aa8aa9297d0
>> openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm
>>
>> Source:
>> 3a08cda99f54b97c027ed32758e7b1ddcff635be5c3737c1e9084321561a015d
>> openssl-1.0.1e-16.el6_5.7.src.rpm
>>
>>
>>
>> --
>> Karanbir Singh
>> CentOS Project { http://www.centos.org/ }
>> irc: z00dax,
>> #
>>
>> _______________________________________________
>> CentOS-announce mailing list
>>
>> http://lists.centos.org/mailman/listinfo/centos-announce
- Fwd: [CentOS-announce] CESA-2014:0376 Important CentOS 6 openssl Update, Jason Zurawski, 04/08/2014
- Re: [perfSONAR-developer] [CentOS-announce] CESA-2014:0376 Important CentOS 6 openssl Update, Andrew Lake, 04/10/2014
Archive powered by MHonArc 2.6.16.