[CentOS] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

Phil Wyett aura.yoda at gmail.com
Tue Apr 8 17:37:54 UTC 2014


On Tue, 2014-04-08 at 19:12 +0200, Alain Péan wrote:
> Le 08/04/2014 19:05, Tony Mountifield a écrit :
> > And I notice that the new libraries after applying the update are
> > STILL called 1.0.1e - is that correct? Could be confusing.
> 
> Because at this time, it's only a workaround that disable certain 
> services, not a fix to the libraries, as I read in the annoucement ?
> 
> Alain
> 

If you: rpm -qa | grep openssl

If you have: openssl-1.0.1e-16.el6_5.4.0.1

You have the package with affected elements disabled. These were made
until the final fixes could be brought in and applied.

If you have: openssl-1.0.1e-16.el6_5.7

You have the package with the upstream fix(es) applied and supersedes
the openssl-1.0.1e-16.el6_5.4.0.1 packages.

Regards

Phil

-- 

Phil Wyett
{
    GNU Linux User and Developer
    Leigh GNU Linux User Group (http://leigh.lug.org.uk)
    IRC: philwyett
    Twitter: philwyett and leigh_lug
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.centos.org/pipermail/centos/attachments/20140408/39de14c2/attachment.sig>


More information about the CentOS mailing list