Announcement

Collapse
No announcement yet.

OpenSSL heartbleed

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    OpenSSL heartbleed

    Hello,

    Any chance of releasing quickly the latest openssl redhat has published ?

    1084875 – (CVE-2014-0160, Heartbleed) CVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packets
    https://bugzilla.redhat.com/show_bug.cgi?id=1084875


    Thanks !
    Tags: None
  • #2
    I belive this is already fixed :

    Code:
    rpm -q --changelog openssl|head

* lun. avril 07 2014 Tomáš Mráz  1.0.1e-16.7

- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension

* mar. janv. 07 2014 Tomáš Mráz  1.0.1e-16.4

- fix CVE-2013-4353 - Invalid TLS handshake crash

* lun. janv. 06 2014 Tomáš Mráz  1.0.1e-16.3

- fix CVE-2013-6450 - possible MiTM attack on DTLS1

* ven. déc. 20 2013 Tomáš Mráz  1.0.1e-16.2
    Thanks

    Comment

    • #3
      I see the same if the changelog however the system is still showing as vulnerable

      Comment

      • #4
        Every server we have thats using cloudlinux is displaying as vulnerable
        all other servers are not

        Comment

        • #5
          Any updates yet ?

          Comment

          • #6
            After updating OpenSSL, you must either restart applicable services or reboot the server before the change will take effect.

            Comment

            Previous template Next
            Working...
            X