Warning about OpenSSL 1.0.2
Paolo Barbato
paolo.barbato at igi.cnr.it
Tue Oct 13 10:43:10 CEST 2015
Hi Nick,
It seems to me that both rhel 6.7 and centos 6.7 have same last patched freeradius version:
https://rhn.redhat.com/errata/RHBA-2015-1829.html
https://lists.centos.org/pipermail/centos-announce/2015-September/021404.html
freeradius.x86_64 2.2.6-6.el6_7
as well as same openssl
openssl.x86_64 1.0.1e-42.el6
Regards,
Paolo.
> On 13 ott 2015, at 10:20, Nick Lowe <nick.lowe at gmail.com> wrote:
>
> Red Hat have an update available for their affected 6.7 release:
>
> https://rhn.redhat.com/errata/RHBA-2015-1829.html
>
> If you're running CentOS 6.7, you're likely out of luck until 6.8
> becomes available:
>
> https://bugs.centos.org/view.php?id=9295
>
> (That bug report has seemingly been ignored.)
>
> As this is making a lot of noise with Android 6.0 (Marshmallow),
> please consider releasing a 3.x and discretionary, under protest 2.x
> release sooner rather than later to close the loop of known possible
> issues:
>
> https://code.google.com/p/android/issues/detail?id=188867
>
> https://code.google.com/p/android-developer-preview/issues/detail?id=2136
>
> I agree that there aren't likely to be many sites using OpenSSL 1.0.2
> at this point in time, worth nipping in the bud though.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
------------------------------------------------------------------------------------------------
Paolo Barbato
Consorzio RFX
corso Stati Uniti,4
35127 Padova - Italy
Network Administrator
phone: +39 049 8295097 fax: +39 049 8700718
------------------------------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1814 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20151013/1f5b82c2/attachment.bin>
More information about the Freeradius-Users
mailing list