Skip to Content.
Sympa Menu

perfsonar-user - [perfsonar-user] Fwd: [CentOS-announce] CESA-2014:0376 Important CentOS 6 openssl Update

Subject: perfSONAR User Q&A and Other Discussion

List archive

[perfsonar-user] Fwd: [CentOS-announce] CESA-2014:0376 Important CentOS 6 openssl Update


Chronological Thread 
  • From: Jason Zurawski <>
  • To: "" <>, perfsonar-announce <>
  • Cc: "" <>
  • Subject: [perfsonar-user] Fwd: [CentOS-announce] CESA-2014:0376 Important CentOS 6 openssl Update
  • Date: Tue, 8 Apr 2014 09:35:32 -0700

Greetings;

Please see below for an important security alert related to a package on
CentOS version 6.5 (the operating system that underpins the pS Performance
Toolkit versions 3.3.x). This issue is described in more detail at the
following site:

http://heartbleed.com/

The perfSONAR project is recommending that all users run 'yum update' to pull
down these packages immediately.

Our read of the CVE and affiliated documentation does indicate there is a
potential for compromise of private key material that may impact the host, or
users of the system. For those that have concerns about this, the project is
recommending that users regenerate the host certificate. If you are using
the provided 'self signed' certificate, you can follow these instructions to
regenerate new credentials:

> # build a new key
> /usr/bin/openssl genrsa > /etc/pki/tls/private/localhost.key
>
> # create a new self-signed cert
> cd /etc/pki/tls/certs
> make testcert
>
> # restart apache
> sudo /etc/init.d/httpd restart


If you have installed a customized certificate, refer to instructions
specific to that process. Please send along any questions to the developers
list
()
if you have them.

Thanks;

-jason

Begin forwarded message:

> From: Karanbir Singh
> <>
> Subject: [CentOS-announce] CESA-2014:0376 Important CentOS 6 openssl Update
> Date: April 7, 2014 7:54:58 PM PDT
> To:
>
> Reply-To:
>
>
>
> CentOS Errata and Security Advisory 2014:0376 Important
>
> Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0376.html
>
> The following updated files have been uploaded and are currently
> syncing to the mirrors: ( sha256sum Filename )
>
> i386:
> 6ceff4bad2608484b9b9ab74b8e9047b593b6b7a6ca5ba3cc16db7d8b447f1d8
> openssl-1.0.1e-16.el6_5.7.i686.rpm
> ef6c735885f24ca8618357b880e8cdc6fcb7c6895d99f740169684a3a6f0b8ba
> openssl-devel-1.0.1e-16.el6_5.7.i686.rpm
> 5724d24708d8b62ee48585ea530d379c258a9dd537ce3d350a61af4489c11ea5
> openssl-perl-1.0.1e-16.el6_5.7.i686.rpm
> 601108f27b4716355d972d70e8711b6ff53f4375962b3d6e81321736c6709b90
> openssl-static-1.0.1e-16.el6_5.7.i686.rpm
>
> x86_64:
> 6ceff4bad2608484b9b9ab74b8e9047b593b6b7a6ca5ba3cc16db7d8b447f1d8
> openssl-1.0.1e-16.el6_5.7.i686.rpm
> 42cdc321aa3d46889c395c5d6dc11961ed86be5f4d98af0d6399d6c4e1233712
> openssl-1.0.1e-16.el6_5.7.x86_64.rpm
> ef6c735885f24ca8618357b880e8cdc6fcb7c6895d99f740169684a3a6f0b8ba
> openssl-devel-1.0.1e-16.el6_5.7.i686.rpm
> 3328f32f211b2e136c25ec8538c768049f288f0b410932b31880fa4b4de8e73b
> openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm
> 89cdbaed00f8348a6a6d567c6c1eb8aba9f94578653be475e826e24c51f10594
> openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm
> 9222db08c5cbf4fded04fd7d060f5b91ed396665e2baa4c899fc2aa8aa9297d0
> openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm
>
> Source:
> 3a08cda99f54b97c027ed32758e7b1ddcff635be5c3737c1e9084321561a015d
> openssl-1.0.1e-16.el6_5.7.src.rpm
>
>
>
> --
> Karanbir Singh
> CentOS Project { http://www.centos.org/ }
> irc: z00dax,
> #
>
> _______________________________________________
> CentOS-announce mailing list
>
> http://lists.centos.org/mailman/listinfo/centos-announce



Archive powered by MHonArc 2.6.16.

Top of Page