On 04/08/2014 01:12 PM, Alain Péan wrote: > Le 08/04/2014 19:05, Tony Mountifield a écrit : >> And I notice that the new libraries after applying the update are >> STILL called 1.0.1e - is that correct? Could be confusing. > Because at this time, it's only a workaround that disable certain > services, not a fix to the libraries, as I read in the annoucement ? > > Alain > According to the changelog this update 5.7 fixed the cve. $ rpm -qa|grep openssl openssl-1.0.1e-16.el6_5.7.x86_64 openssl-devel-1.0.1e-16.el6_5.7.x86_64 Tue Apr 8 12:17:25 EDT 2014 Z643357:~ $ rpm -q --changelog openssl | less * Mon Apr 07 2014 Tomás( Mráz <tmraz at redhat.com> 1.0.1e-16.7 - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension -- Stephen Clark *NetWolves Managed Services, LLC.* Director of Technology Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.clark at netwolves.com http://www.netwolves.com