Skip to Content.
Sympa Menu

perfsonar-announce - Re: Upcoming Open SSL Security Vulnerability

Subject: perfSONAR Announcements

List archive

Re: Upcoming Open SSL Security Vulnerability

Chronological Thread 
  • From: Eric Boyd <>
  • To: <>
  • Subject: Re: Upcoming Open SSL Security Vulnerability
  • Date: Fri, 20 Mar 2015 10:00:04 -0400
  • Authentication-results:; dkim=none (message not signed) header.d=none;

perfSONAR Community,

RedHat has put up a page detailing how the recent OpenSSL updates affect
6 (which forms the basis for CentOS 6).

From our read through of the vulnerabilities, none seem particularly worrisome
for Toolkit deployments. The problem bugs in this set of CVEs were for bugs
that allowed for Denial-of-Service attacks (i.e. an OpenSSL service could be
crashed). However, given the specifics of these DoS scenarios, it's unlikely
that perfSONAR Toolkit deployments will be affected.

RedHat has yet to release updated OpenSSL RPMs. Once they release them, the
CentOS team will have to vet the RPMs to their satisfaction, and then they
be released. There is no time table for the updates, but I would imagine they
will be out within a day or so.

For those who have auto-update enabled, you will automatically get the updated
RPMs, once they are released. However, you may need to restart Apache and
OpenSSH so that they use the updated library. It may be easiest to reboot the


if you have any questions or

The perfSONAR team posts news and announcements to

and to the perfSONAR web page:

Eric Boyd
on behalf of the perfSONAR Development Team

Archive powered by MHonArc 2.6.16.

Top of Page