8 Apr
2014
8 Apr
'14
5:32 p.m.
On 04/08/2014 01:12 PM, Alain Péan wrote:
Le 08/04/2014 19:05, Tony Mountifield a écrit :
And I notice that the new libraries after applying the update are STILL called 1.0.1e - is that correct? Could be confusing.
Because at this time, it's only a workaround that disable certain services, not a fix to the libraries, as I read in the annoucement ?
Alain
According to the changelog this update 5.7 fixed the cve.
$ rpm -qa|grep openssl openssl-1.0.1e-16.el6_5.7.x86_64 openssl-devel-1.0.1e-16.el6_5.7.x86_64 Tue Apr 8 12:17:25 EDT 2014 Z643357:~ $ rpm -q --changelog openssl | less * Mon Apr 07 2014 Tomás( Mráz tmraz@redhat.com 1.0.1e-16.7 - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark@netwolves.com
http://www.netwolves.com