[CentOS] CVE-2014-0160 CentOS 6 openssl heartbleed workaround
Phil Wyett
aura.yoda at gmail.com
Tue Apr 8 17:37:54 UTC 2014
On Tue, 2014-04-08 at 19:12 +0200, Alain Péan wrote:
> Le 08/04/2014 19:05, Tony Mountifield a écrit :
> > And I notice that the new libraries after applying the update are
> > STILL called 1.0.1e - is that correct? Could be confusing.
>
> Because at this time, it's only a workaround that disable certain
> services, not a fix to the libraries, as I read in the annoucement ?
>
> Alain
>
If you: rpm -qa | grep openssl
If you have: openssl-1.0.1e-16.el6_5.4.0.1
You have the package with affected elements disabled. These were made
until the final fixes could be brought in and applied.
If you have: openssl-1.0.1e-16.el6_5.7
You have the package with the upstream fix(es) applied and supersedes
the openssl-1.0.1e-16.el6_5.4.0.1 packages.
Regards
Phil
--
Phil Wyett
{
GNU Linux User and Developer
Leigh GNU Linux User Group (http://leigh.lug.org.uk)
IRC: philwyett
Twitter: philwyett and leigh_lug
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.centos.org/pipermail/centos/attachments/20140408/39de14c2/attachment.sig>
More information about the CentOS
mailing list