hey folks - please be aware that simply patching OpenSSL is NOT sufficient to mitigate the risk. if you have been using a RHEL/CentOS 6 system to host services secured by SSL, then you should consider your keys compromised, revoke your keys, and deploy new keys and new certs.
read http://heartbleed.com to learn more.

-steve

On Apr 8, 2014, at 7:57 PM, Cecil Yother, Jr. <c...@yother.com> wrote:

> FYI, This fix has only come out in the past few days.
>
> On 04/08/2014 04:54 PM, Eric Shubert wrote:
>> On 04/08/2014 01:04 PM, Peter Peterse wrote:
>>> Finn Buhelt wrote on 8-4-2014 21:53:
>>>> Hi list
>>>>
>>>> Will this affect QMT? (latest release uses openssl-1.01 which is hit)
>>>>
>>>> "New security holes are always showing up. The latest one, the
>>>> so-called Heartbleed Bug <http://heartbleed.com/>
>>>> in the OpenSSL <https://www.openssl.org/> cryptographic library, is
>>>> an especially bad one" - taken from zdnet.com
>>>>
>>>> Regards,
>>>> Finn
>>>
>>> Hi Finn,
>>>
>>> I've read CentOS 6 is affected and CentOS 5 not.
>>>
>>> CentOS 5.10 contains OpenSSL 0.9.8e
>>>
>>> Regards,
>>> Peter
>>
>> RHEL/CentOS has fixed this in openssl-1.0.1e-16.el6_5.7
>> The fixed package was in all of the mirrors I happened to catch.
>>
>> To check if your package has the fix applied, you can:
>> $ rpm -q openssl --changelog | grep CVE-2014-0160
>> If you get nothing back (and you're on COS6) you should (yum) update your
>> openssl package.

--
http://five.sentenc.es
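
The changelog check quoted above, wrapped so it also covers the other cases mentioned in the thread (0.9.8e on CentOS 5, a patched host that still needs new keys). This is an added example, not part of the original messages: the function names and the sample changelog text are constructed, and it assumes only 1.0.1 builds need the changelog check.

```shell
#!/bin/sh
# Added example. Function names and SAMPLE_* data are hypothetical/constructed.

# Constructed changelog excerpts for offline testing (not real rpm output).
SAMPLE_FIXED='* Mon Apr 07 2014 Example Packager <pkg@example.invalid> 1.0.1e-16.7
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension'
SAMPLE_UNFIXED='* Wed Jan 08 2014 Example Packager <pkg@example.invalid> 1.0.1e-16.4
- unrelated maintenance change'

# classify_openssl VERSION CHANGELOG_TEXT
# Prints one of: not-installed, not-affected, vulnerable, patched-rekey
classify_openssl() {
    version=$1
    changelog=$2
    case $version in
        ''|*'is not installed'*)
            echo not-installed ;;
        1.0.1*)
            # The fixed package keeps the 1.0.1e version string, so the
            # changelog entry, not the version, shows whether the fix is in.
            if printf '%s\n' "$changelog" | grep -q 'CVE-2014-0160'; then
                # Patched, but keys served by the earlier build should be
                # treated as compromised: revoke and reissue (see top message).
                echo patched-rekey
            else
                echo vulnerable
            fi ;;
        *)
            # Assumption: other series (e.g. 0.9.8e on CentOS 5) are not hit.
            echo not-affected ;;
    esac
}

# check_host: run the classification against the locally installed package.
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 2; }
    v=$(rpm -q --qf '%{VERSION}\n' openssl 2>/dev/null | head -n 1)
    c=$(rpm -q --changelog openssl 2>/dev/null)
    classify_openssl "$v" "$c"
}

# Demo on the constructed samples; call check_host on a real RPM-based host.
classify_openssl 1.0.1e "$SAMPLE_FIXED"
classify_openssl 1.0.1e "$SAMPLE_UNFIXED"
```
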