OpenSSL Security issues

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Apr 8 12:02:52 CEST 2014


On 8 Apr 2014, at 10:35, Jonathan Gazeley <Jonathan.Gazeley at bristol.ac.uk> wrote:

> On 08/04/14 01:11, stefan.paetow at diamond.ac.uk wrote:
>> I'm back in the office tomorrow and will check the CentOS updates
> 
> Seems that CentOS 5 is not affected, but CentOS 6 is. A patched update has been released for RHEL 6 and will presumably make its way into CentOS before too long...
> 
> https://rhn.redhat.com/errata/RHSA-2014-0376.html

Question to representatives of various distributions on the lists.

As, instead of fixing the issues correctly by upgrading to 1.0.1g, you
are patching existing versions of libssl, how can we determine whether
a version of libssl is vulnerable or not at configure time?

As it stands the next versions on all branches will refuse to build 
against libssl 1.0.1-1.0.1f because of the potential security risk.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
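
The version-range check described in the message (refusing libssl 1.0.1 through 1.0.1f), as an added example that is not part of the original post and is not FreeRADIUS code. The function names and sample values are constructed here; since a distribution's backported fix leaves the version number unchanged, a patched 1.0.1e build is refused by this check as well, which is the gap the question is about.

```c
#include <stdio.h>

/* OpenSSL 1.0.x encodes its version as 0xMNNFFPPS: major, minor, fix,
 * patch letter (0 = none, 1 = 'a', ...), status (0xf = release). */
struct ossl_ver { unsigned major, minor, fix, patch; };

static struct ossl_ver ossl_decode(unsigned long v)
{
    struct ossl_ver d;
    d.major = (unsigned)((v >> 28) & 0xf);
    d.minor = (unsigned)((v >> 20) & 0xff);
    d.fix   = (unsigned)((v >> 12) & 0xff);
    d.patch = (unsigned)((v >> 4) & 0xff);
    return d;
}

/* 1 if v lies in the range named in the message, 1.0.1 through 1.0.1f.
 * Assumption of this example: the status nibble is ignored. */
static int ossl_in_refused_range(unsigned long v)
{
    struct ossl_ver d = ossl_decode(v);
    return d.major == 1 && d.minor == 0 && d.fix == 1 && d.patch <= 6;
}

/* Format v as e.g. "1.0.1e" for a diagnostic message. */
static const char *ossl_ver_str(unsigned long v, char *buf, size_t len)
{
    struct ossl_ver d = ossl_decode(v);
    char letter[2] = { 0, 0 };
    if (d.patch >= 1 && d.patch <= 26) letter[0] = (char)('a' + d.patch - 1);
    snprintf(buf, len, "%u.%u.%u%s", d.major, d.minor, d.fix, letter);
    return buf;
}

int main(void)
{
    /* Constructed sample values; a real check would pass OPENSSL_VERSION_NUMBER
     * from <openssl/opensslv.h> at build time or SSLeay() at run time. */
    static const unsigned long samples[] = {
        0x1000005fUL, 0x1000100fUL, 0x1000105fUL, 0x1000106fUL, 0x1000107fUL
    };
    char buf[16];
    size_t i;
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-7s %s\n", ossl_ver_str(samples[i], buf, sizeof(buf)),
               ossl_in_refused_range(samples[i]) ? "refuse" : "accept");
    return 0;
}
```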
