perfsonar-user - [perfsonar-user] RedHat CVE for SSL "DROWN" vulnerability
Subject: perfSONAR User Q&A and Other Discussion
List archive
- From: Daniel Doyle <>
- To: perfsonar-user <>,
- Subject: [perfsonar-user] RedHat CVE for SSL "DROWN" vulnerability
- Date: Wed, 2 Mar 2016 13:18:55 -0500
Hello all, Red Hat has released a new CVE today for a vulnerability called "DROWN": Our read of this CVE is that it only impacts the SSLv2 protocol, which has been turned off by default in the toolkit for some time now. If you are running a current instance of the perfSONAR toolkit and have not made changes to the apache configuration, you should be fine. If you have made changes to the apache configuration, you should review the CVE and make sure that you either disable SSLv2 or upgrade the openssl package, and either reboot the machine or restart any processes such as apache that use openssl to ensure all processes have the updates applied. Thank you, The perfSONAR Team |
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
- [perfsonar-user] RedHat CVE for SSL "DROWN" vulnerability, Daniel Doyle, 03/02/2016
- Re: [perfsonar-user] RedHat CVE for SSL "DROWN" vulnerability, Jason Zurawski, 03/09/2016
Archive powered by MHonArc 2.6.16.