
perfsonar-announce - [perfsonar-announce] Re: [perfsonar-user] RedHat CVE for SSL "DROWN" vulnerability

Subject: perfSONAR Announcements


  • From: Jason Zurawski <>
  • To: perfsonar-user <>,
  • Cc: "" <>
  • Subject: [perfsonar-announce] Re: [perfsonar-user] RedHat CVE for SSL "DROWN" vulnerability
  • Date: Wed, 09 Mar 2016 08:17:16 -0500

Greetings All;

As a followup to this, note an additional related CVE:

https://rhn.redhat.com/errata/RHSA-2016-0372.html

And the info on packages now available in the repos:

i386:
e87cdaa0c6d6528e4395026ed75dd8c06d1d9cd20cbfc2b88b0d6046482aaa82  openssl098e-0.9.8e-20.el6.centos.1.i686.rpm

x86_64:
e87cdaa0c6d6528e4395026ed75dd8c06d1d9cd20cbfc2b88b0d6046482aaa82  openssl098e-0.9.8e-20.el6.centos.1.i686.rpm
5c8881e272b9b1415d175bc1f4eecce80ea15b4090aac9725dfe67c19db53f70  openssl098e-0.9.8e-20.el6.centos.1.x86_64.rpm

Source:
7fea74c0623b0c425d9ff03e2412731c99a75e86eaa87d67a66b9903bb4aca2b  openssl098e-0.9.8e-20.el6.centos.1.src.rpm

Thanks;

-jason

Daniel Doyle wrote:
Hello all,

Red Hat has released a new CVE today for a vulnerability called "DROWN":


Our read of this CVE is that it only impacts the SSLv2 protocol, which has been turned off by default in the toolkit for some time now. If you are running a current instance of the perfSONAR toolkit and have not made changes to the apache configuration, you should be fine. 

If you have made changes to the apache configuration, you should review the CVE and make sure that you either disable SSLv2 or upgrade the openssl package, and either reboot the machine or restart any processes such as apache that use openssl to ensure all processes have the updates applied.

Thank you,
The perfSONAR Team
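
Added example, not part of the original messages and not perfSONAR project code: one way to carry out the Apache configuration review described above, by evaluating each SSLProtocol directive and reporting those that leave SSLv2 enabled. The function names and the sample configuration are constructed for illustration; "all" is assumed to include SSLv2 and a bare protocol name is treated like +name, so the check errs toward flagging.

```python
import re
import sys

# Assumption: "all" is read as including SSLv2 (the Apache 2.2-era meaning),
# so the check errs toward flagging a directive rather than missing one.
ALL = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(\S.*?)\s*$", re.IGNORECASE)


def enabled_protocols(args):
    """Evaluate one SSLProtocol argument list left to right."""
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else "+"  # bare name treated as +name
        name = token.lstrip("+-").lower()
        group = ALL if name == "all" else {name}
        if sign == "-":
            enabled -= group
        else:
            enabled |= group
    return enabled


def audit(conf_text):
    """Return (line_number, directive) for every directive leaving SSLv2 on."""
    findings = []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)  # commented-out lines do not match
        if match and "sslv2" in enabled_protocols(match.group(1)):
            findings.append((number, line.strip()))
    return findings


# Constructed sample configuration, not taken from a real toolkit host.
SAMPLE = """\
<VirtualHost *:443>
    SSLEngine on
    # SSLProtocol all
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
<VirtualHost *:8443>
    SSLProtocol -all +SSLv2 +TLSv1
</VirtualHost>
<VirtualHost *:9443>
    SSLProtocol All
</VirtualHost>
"""

if __name__ == "__main__":
    paths = sys.argv[1:]
    texts = [(p, open(p).read()) for p in paths] or [("SAMPLE", SAMPLE)]
    for path, text in texts:
        for number, directive in audit(text):
            print(f"{path}:{number}: SSLv2 enabled by '{directive}'")
```

The script reads only the files named on the command line and does not follow Include directives, so each included file has to be passed explicitly. It also says nothing about whether the running processes have picked up the updated openssl package.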



