Re: [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround




On 04/07/2014 08:30 PM, Always Learning wrote:
> Thank you.
>
> What will the temporary packages be called?
>
>


Since this is the first post about the openssl update, I want to answer
a couple questions here:

1.  The first susceptible version of openssl in a CentOS release was
openssl-1.0.1e-15.el6, released on December 1, 2013.

2.  The version of openssl that you should install to fix the issue is
openssl-1.0.1e-16.el6_5.7, released on April 8, 2014.

3.  Versions of CentOS-6.5 openssl that were affected are: 
openssl-1.0.1e-15.el6, openssl-1.0.1e-16.el6_5,
openssl-1.0.1e-16.el6_5.1, openssl-1.0.1e-16.el6_5.4.

4.  Only CentOS-6.5 was affected.  CentOS-6 at versions 6.4 or earlier
was not affected.  No versions of CentOS-5 (or any other CentOS) were
affected.

Besides doing updates, things you should do include:

1.  Besides doing the updates, you should replace any certificates using
SSL or TLS that are openssl based.  This includes VPN, HTTPD, etc.  See
http://heartbleed.com/ for more info on impacted keys.

2.  See this page for figuring out which services you should restart
after applying updates, or just reboot the machine, which will restart
all services:

https://access.redhat.com/site/solutions/781793




_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
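
As an added example (not part of the original message and not CentOS project code), this script checks an openssl package string against the versions listed in the message and finds processes that still map the pre-update libssl/libcrypto, which are the ones that need the restart mentioned above. The function names and sample maps lines are constructed; it assumes rpm and a Linux /proc.

```sh
#!/bin/sh
# Added example, not from the original post. Package versions are the ones
# listed in the message; function names and the sample data are constructed.

# Classify an openssl package string against the versions named in the post.
classify_openssl() {
    nvr=${1%.x86_64}; nvr=${nvr%.i686}      # tolerate a trailing arch suffix
    case "$nvr" in
        openssl-1.0.1e-15.el6|openssl-1.0.1e-16.el6_5|\
        openssl-1.0.1e-16.el6_5.1|openssl-1.0.1e-16.el6_5.4) echo affected ;;
        openssl-1.0.1e-16.el6_5.7) echo fixed ;;
        *) echo unlisted ;;                 # not named in the post
    esac
}

# Takes /proc/<pid>/maps-format text on stdin, or a maps file as argument.
# Succeeds when the process still maps a libssl/libcrypto file that has been
# replaced on disk, i.e. it started before the update and runs the old code.
maps_has_stale_openssl() {
    grep -Eqs '/lib(ssl|crypto)\.so[^ ]* \(deleted\)' "$@"
}

# Constructed sample: one maps line from a daemon started before the update.
SAMPLE_STALE='7f3a1c000000-7f3a1c061000 r-xp 00000000 fd:00 393250 /usr/lib64/libssl.so.1.0.1e (deleted)'
# Constructed sample: the same mapping in a process started after the update.
SAMPLE_FRESH='7f3a1c000000-7f3a1c061000 r-xp 00000000 fd:00 393311 /usr/lib64/libssl.so.1.0.1e'

# Print "pid command" for every readable process that needs a restart.
stale_openssl_pids() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        if maps_has_stale_openssl "$maps"; then
            echo "$pid $(tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline")"
        fi
    done
}

# Run as root with --audit on the host being checked.
if [ "${1:-}" = "--audit" ]; then
    pkg=$(rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}' openssl)
    echo "$pkg: $(classify_openssl "$pkg")"
    stale_openssl_pids
fi
```

A result of "unlisted" only means the package string is not one of those named in the message; it says nothing about whether that build is affected.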
