On 8 Apr 2014, at 10:35, Jonathan Gazeley <Jonathan.Gazeley@bristol.ac.uk> wrote:
On 08/04/14 01:11, stefan.paetow@diamond.ac.uk wrote:
I'm back in the office tomorrow and will check the CentOS updates
Seems that CentOS 5 is not affected, but CentOS 6 is. An patched update has been released for for RHEL 6 and will presumably make its way into CentOS before too long...
Question to representatives of various distributions on the lists. As instead of fix the issues correctly by upgrading to 1.0.1g, you are patching existing versions of libssl, how can we determine whether a version of libssl is vulnerable or not at configure time? As it stands the next versions on all branches will refuse to build against libssl 1.0.1-1.0.1f because of the potential security risk. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2