perfSONAR Announcements

[Eric Boyd <>]

perfSONAR Community,

RedHat has put up a page detailing how the recent OpenSSL updates affect 
RedHat
6 (which forms the basis for CentOS 6).

https://access.redhat.com/articles/1384453

From our read through of the vulnerabilities, none seem particularly worrisome
for Toolkit deployments. The problem bugs in this set of CVEs were for bugs
that allowed for Denial-of-Service attacks (i.e. an OpenSSL service could be
crashed). However, given the specifics of these DoS scenarios, it's unlikely
that perfSONAR Toolkit deployments will be affected.

RedHat has yet to release updated OpenSSL RPMs. Once they release them, the
CentOS team will have to vet the RPMs to their satisfaction, and then they 
will
be released. There is no time table for the updates, but I would imagine they
will be out within a day or so.

For those who have auto-update enabled, you will automatically get the updated
RPMs, once they are released. However, you may need to restart Apache and
OpenSSH so that they use the updated library. It may be easiest to reboot the
host.

Please 

  if you have any questions or
concerns.

The perfSONAR team posts news and announcements to

  and to the perfSONAR web page:
http://www.perfsonar.net/

Sincerely,
Eric Boyd
on behalf of the perfSONAR Development Team