Skip to Content.
Sympa Menu

perfsonar-announce - [perfsonar-announce] Re: [perfsonar-user] RedHat CVE for SSL "DROWN" vulnerability

Subject: perfSONAR Announcements

List archive

[perfsonar-announce] Re: [perfsonar-user] RedHat CVE for SSL "DROWN" vulnerability

Chronological Thread 
  • From: Jason Zurawski <>
  • To: perfsonar-user <>,
  • Cc: "" <>
  • Subject: [perfsonar-announce] Re: [perfsonar-user] RedHat CVE for SSL "DROWN" vulnerability
  • Date: Wed, 09 Mar 2016 08:17:16 -0500

Greetings All;

As a followup to this, note an additional related CVE:

And the info on packages now available in the repos:

e87cdaa0c6d6528e4395026ed75dd8c06d1d9cd20cbfc2b88b0d6046482aaa82  openssl098e-0.9.8e-20.el6.centos.1.i686.rpm

e87cdaa0c6d6528e4395026ed75dd8c06d1d9cd20cbfc2b88b0d6046482aaa82  openssl098e-0.9.8e-20.el6.centos.1.i686.rpm
5c8881e272b9b1415d175bc1f4eecce80ea15b4090aac9725dfe67c19db53f70  openssl098e-0.9.8e-20.el6.centos.1.x86_64.rpm

7fea74c0623b0c425d9ff03e2412731c99a75e86eaa87d67a66b9903bb4aca2b  openssl098e-0.9.8e-20.el6.centos.1.src.rpm



Daniel Doyle wrote:
Hello all,

Red Hat has released a new CVE today for a vulnerability called "DROWN":

Our read of this CVE is that it only impacts the SSLv2 protocol, which has been turned off by default in the toolkit for some time now. If you are running a current instance of the perfSONAR toolkit and have not made changes to the apache configuration, you should be fine. 

If you have made changes to the apache configuration, you should review the CVE and make sure that you either disable SSLv2 or upgrade the openssl package, and either reboot the machine or restart any processes such as apache that use openssl to ensure all processes have the updates applied.

Thank you,
The perfSONAR Team

Archive powered by MHonArc 2.6.16.

Top of Page