[CentOS] Security implications of openssl098e on CentOS 7

Wed Oct 21 18:58:22 UTC 2015
Nick Bright <nick.bright at valnet.net>

On 10/21/2015 1:55 PM, Andrew Holway wrote:
> Personally I would go round to that particular vendors office with a pipe
> wrench and encourage them to do better however, unless this software is
> transmitting credit card information then it seems that you could be
> safe(ish) from the regulation standpoint. It really depends on the location
> of the machine. Is it deep in the bowels of your high security nuclear
> bunker on an air gap network or is is merrily accepting incoming traffic
> from China? Is the software is using an appropriate SELinux policy or is it
> running unconfined or with SELinux turned off?
> It seems the PCI-DSS describe a set of simple rules to get IT managers
> thinking but they are somewhat open to interpretation. Are you abiding to
> the spirit of the regulations?
The particular software requiring 0.9.8 is performing backups of the 
system to a remote data center.

My concern is that, with the compatibility package installed, could this 
present vulnerabilities or compliance problems in Apache?

-  Nick Bright                                -
-  Vice President of Technology               -
-  Valnet -=- We Connect You -=-              -
-  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
-  Web http://www.valnet.net/                 -
- Are your files safe?                        -
- Valnet Vault - Secure Cloud Backup          -
- More information & 30 day free trial at     -
- http://www.valnet.net/services/valnet-vault -

This email message and any attachments are intended solely for the use of the addressees hereof. This message and any attachments may contain information that is confidential, privileged and exempt from disclosure under applicable law. If you are not the intended recipient of this message, you are prohibited from reading, disclosing, reproducing, distributing, disseminating or otherwise using this transmission. If you have received this message in error, please promptly notify the sender by reply E-mail and immediately delete this message from your system.