perfSONAR Announcements

[Jason Zurawski <>]

Greetings;

Read below for information on packages meant to address POODLE, 'yum update' 
as soon as you can.  

There is another note from CentOS below, suggesting steps to mitigate the use 
of SSLv3 be followed.  More information now available here:

http://wiki.centos.org/Security/POODLE

Thanks;

-jason

Begin forwarded message:

> From: Johnny Hughes 
> <>
> Subject: [CentOS-announce] CESA-2014:1652 Important CentOS 6 openssl 
> Security Update
> Date: October 16, 2014 1:48:09 PM PDT
> To: 
> 
> Reply-To: 
> 
> 
> CentOS Errata and Security Advisory 2014:1652 
> 
> The following updated files have been uploaded and are currently
> syncing to the mirrors: ( sha256sum Filename )
> 
> -----------------------------
> i386
> -----------------------------
> 
> 5898ac3179dfdd904c352badd79b6f5ec702315f4bc7b8989de8f114304fbd78 
> openssl-1.0.1e-30.el6_5.2.i686.rpm
> dcc5d47340d69f53af592a92282df89ef3bd4705ce34f4a57a93d211e93cfd7d 
> openssl-devel-1.0.1e-30.el6_5.2.i686.rpm
> dc42eb136b3cfef78d590d4ab29d36e5e5951bc9433d20d5ca633033d960a00d 
> openssl-perl-1.0.1e-30.el6_5.2.i686.rpm
> 95e67f00f7d58348e5f0df6ac74d7baecb9d5fc214d58ad257a14bec353219a3 
> openssl-static-1.0.1e-30.el6_5.2.i686.rpm
> 
> -----------------------------
> X86_64
> -----------------------------
> 
> 5898ac3179dfdd904c352badd79b6f5ec702315f4bc7b8989de8f114304fbd78 
> openssl-1.0.1e-30.el6_5.2.i686.rpm
> 17bfdb52afcb2ebaa16875819b9d8d2f3dc84eb061ee3e194da14e286bc76029 
> openssl-1.0.1e-30.el6_5.2.x86_64.rpm
> dcc5d47340d69f53af592a92282df89ef3bd4705ce34f4a57a93d211e93cfd7d 
> openssl-devel-1.0.1e-30.el6_5.2.i686.rpm
> 7c390aab888c07887fc783686f42216711665738e58c2b23029748292dd0f96d 
> openssl-devel-1.0.1e-30.el6_5.2.x86_64.rpm
> dfdcf88163743d5f4fda06a69cba00b822b73ba66aa5841faf8c0e9841b91bcb 
> openssl-perl-1.0.1e-30.el6_5.2.x86_64.rpm
> 0f8cc0615d96d4d7e74b5ffc109143873510406dbb6be679d4ab94bd4f731cdb 
> openssl-static-1.0.1e-30.el6_5.2.x86_64.rpm
> 
> -----------------------------
> Source:
> -----------------------------
> 
> 1a1c3ed0d8eb5775d89b726e7f19ff2d8b52b7ef27f6e36260e83ffc40328460 
> openssl-1.0.1e-30.el6_5.2.src.rpm
> 
> =====================================================
> 
> The following upstream security issues are addressed in this update:
> 
> https://rhn.redhat.com/errata/RHSA-2014-1652.html
> 
> =====================================================
> 
> NOTE: This update is released into the CentOS-6.5 tree and has a .el6_5 dist
> tag, *NOT* the .el6_6 dist tag that Red Hat used for RHEL in the link above.
> 
> This update was built against 'CentOS-6.5 + updates' and that is where it is
> intended to be used.
> 
> The CentOS team will build and release a openssl-1.0.1e-30.el6_6.2.src.rpm 
> as
> a zero day update to CentOS-6.6 when that is released as we are currently
> building CentOS-6.6 from the released Red Hat Enterprise Linux sources.
> 
> Please also note that even after installing this update, further action is
> required to mitigate the POODLE issue on CentOS-6. Please see this link for
> steps to take and ways to test for both the POODLE and TLS_FALLBACK_SCSV 
> issues.
> 
> http://wiki.centos.org/Security/POODLE
> 
> --
> Johnny Hughes
> CentOS Project { http://www.centos.org/ }
> irc: hughesjr, #centos at irc.freenode.net
> 
> _______________________________________________
> CentOS-announce mailing list
> 
> http://lists.centos.org/mailman/listinfo/centos-announce