Subject: perfSONAR Announcements
- From: Eric Boyd <>
- To: <>
- Subject: Upcoming Open SSL Security Vulnerability
- Date: Wed, 18 Mar 2015 17:23:07 -0400
- Authentication-results: internet2.edu; dkim=none (message not signed) header.d=none;
The perfSONAR Team wants to inform you of an upcoming vulnerability
announcement about OpenSSL.
It has been announced that the OpenSSL team will release a new version
of OpenSSL tomorrow (Thursday, March 19th) to address several security
vulnerabilities, some with a "high" severity. No details have been
provided ahead of time. We believe perfSONAR might be affected, due to its dependency on Centos 6, but we don't know
how vulnerable to exploitation a perfSONAR node will be.
Depending on what is actually revealed tomorrow, there may be a
need for quick patching/updating. We will be sending out an advisory
tomorrow once we have had a chance to study the vulnerabilities.
For those who have autoupdate enabled, you will will automatically get the patch, once developed.
In anticipation that attacks will be developed very quickly once the patches are developed and the possibility that perfSONAR nodes could be affected, you might consider briefly blocking ports 22 and 443 until we announce any plans for a patch (or not).
if you have any questions
The perfSONAR team posts news and announcements to
and to the perfSONAR web page: http://www.perfsonar.net/
on behalf of the perfSONAR Development Team
- Upcoming Open SSL Security Vulnerability, Eric Boyd, 03/18/2015
- <Possible follow-up(s)>
- Re: Upcoming Open SSL Security Vulnerability, Eric Boyd, 03/20/2015
Archive powered by MHonArc 2.6.16.