perfsonar-announce - Re: Upcoming Open SSL Security Vulnerability
Subject: perfSONAR Announcements
List archive
- From: Eric Boyd <>
- To: <>
- Subject: Re: Upcoming Open SSL Security Vulnerability
- Date: Fri, 20 Mar 2015 10:00:04 -0400
- Authentication-results: internet2.edu; dkim=none (message not signed) header.d=none;
perfSONAR Community,
RedHat has put up a page detailing how the recent OpenSSL updates affect
RedHat
6 (which forms the basis for CentOS 6).
https://access.redhat.com/articles/1384453
From our read through of the vulnerabilities, none seem particularly worrisome
for Toolkit deployments. The problem bugs in this set of CVEs were for bugs
that allowed for Denial-of-Service attacks (i.e. an OpenSSL service could be
crashed). However, given the specifics of these DoS scenarios, it's unlikely
that perfSONAR Toolkit deployments will be affected.
RedHat has yet to release updated OpenSSL RPMs. Once they release them, the
CentOS team will have to vet the RPMs to their satisfaction, and then they
will
be released. There is no time table for the updates, but I would imagine they
will be out within a day or so.
For those who have auto-update enabled, you will automatically get the updated
RPMs, once they are released. However, you may need to restart Apache and
OpenSSH so that they use the updated library. It may be easiest to reboot the
host.
Please
if you have any questions or
concerns.
The perfSONAR team posts news and announcements to
and to the perfSONAR web page:
http://www.perfsonar.net/
Sincerely,
Eric Boyd
on behalf of the perfSONAR Development Team
- Upcoming Open SSL Security Vulnerability, Eric Boyd, 03/18/2015
- <Possible follow-up(s)>
- Re: Upcoming Open SSL Security Vulnerability, Eric Boyd, 03/20/2015
Archive powered by MHonArc 2.6.16.