perfSONAR Announcements

["Andrew Lake" <>]

All,

Today a new OpenSSL vulnerability was announced: https://www.openssl.org/news/secadv_20150709.txt

We are contacting the list to let you know that we believe the the operating systems supported by perfSONAR are NOT affected. We do not believe you should not need to take any further action to protect your host from the vulnerability. For reference, the current list of supported perfSONAR operating systems are:

- CentOS 6

- Debian “wheezy" and “jessie"

- Ubuntu 12 and 14

All of the above ship with versions of OpenSSL that are not reported to be vulnerable. For details concerning the vulnerability as relates to specific operating systems see the following:

- CentOS/RedHat: https://access.redhat.com/security/cve/CVE-2015-1793

- Debian: https://security-tracker.debian.org/tracker/CVE-2015-1793

- Ubuntu: http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1793.html

Please let us know if you have any further questions or concerns.

Thank you,

The perfSONAR Team