Skip to Content.
Sympa Menu

perfsonar-announce - Upcoming Open SSL Security Vulnerability

Subject: perfSONAR Announcements

List archive

Upcoming Open SSL Security Vulnerability


Chronological Thread 
  • From: Eric Boyd <>
  • To: <>
  • Subject: Upcoming Open SSL Security Vulnerability
  • Date: Wed, 18 Mar 2015 17:23:07 -0400
  • Authentication-results: internet2.edu; dkim=none (message not signed) header.d=none;

perfSONAR Community,

The perfSONAR Team wants to inform you of an upcoming vulnerability
announcement about OpenSSL.

http://marc.info/?l=openssl-announce&m=142653572011212&w=2

It has been announced that the OpenSSL team will release a new version
of OpenSSL tomorrow (Thursday, March 19th) to address several security
vulnerabilities, some with a "high" severity. No details have been
provided ahead of time. We believe perfSONAR might be affected, due to its dependency on Centos 6, but we don't know
how vulnerable to exploitation a perfSONAR node will be.

Depending on what is actually revealed tomorrow, there may be a
need for quick patching/updating. We will be sending out an advisory
tomorrow once we have had a chance to study the vulnerabilities.

For those who have autoupdate enabled, you will will automatically get the patch, once developed.

In anticipation that attacks will be developed very quickly once the patches are developed and the possibility that perfSONAR nodes could be affected, you might consider briefly blocking ports 22 and 443 until we announce any plans for a patch (or not).

Please contact

if you have any questions
or concerns.

The perfSONAR team posts news and announcements to
and to the perfSONAR web page: http://www.perfsonar.net/

Sincerely,
Eric Boyd
on behalf of the perfSONAR Development Team



Archive powered by MHonArc 2.6.16.

Top of Page