[CentOS] OpenSSL Update - not a security update???
Johnny Hughes
johnny at centos.org
Mon Mar 7 18:48:18 UTC 2016
On 03/07/2016 12:14 PM, James Washington wrote:
> Hey all,
>
> Sorry to jump in here but out of curiosity, has the patch actually been back ported to earlier versions of OpenSSL regarding the recent DROWN attack? I've checked the RPM change log and nothing's been mentioned relating to CVE-2016-0800 (I think that was the CVE number). Or is this thread not relating to that vulnerability?
>
> Kind regards

Yes, this update addresses Drown .. but installing the update alone is not enough, you also have to turn off SSLv2

You can see how to do that for many different services here:

https://access.redhat.com/articles/1462183

And lots of info here:

https://access.redhat.com/security/vulnerabilities/drown
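As an added example (not part of the original message or the linked Red Hat articles), the sketch below checks one service's configuration for the "turn off SSLv2" step by evaluating Apache mod_ssl `SSLProtocol` directives. It assumes httpd 2.2-era semantics, where the `all` shortcut includes SSLv2 and a bare protocol name replaces the set built so far; the sample configuration is constructed, and `enabled_protocols` and `audit` are hypothetical helper names.

```python
import re

# Assumption: httpd 2.2-era mod_ssl, where the "all" shortcut includes SSLv2.
ALL_PROTOCOLS = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
# constructed sample
Listen 443
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all
</VirtualHost>
<VirtualHost *:8443>
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
<VirtualHost *:9443>
    SSLProtocol -ALL +TLSv1 +SSLv2
</VirtualHost>
"""

def enabled_protocols(args):
    """Evaluate SSLProtocol arguments left to right (model of mod_ssl parsing)."""
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token[1:].lower() if action else token.lower()
        chosen = ALL_PROTOCOLS if name == "all" else {name}
        if action == "-":
            enabled -= chosen
        elif action == "+":
            enabled |= chosen
        else:
            enabled = set(chosen)  # a bare name replaces the set so far
    return enabled

def audit(conf_text):
    """Return (line number, arguments) for each directive that leaves SSLv2 on."""
    findings = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        match = DIRECTIVE.match(line)  # commented-out directives do not match
        if match and "sslv2" in enabled_protocols(match.group(1)):
            findings.append((number, match.group(1)))
    return findings

if __name__ == "__main__":
    for number, args in audit(SAMPLE_CONF):
        print(f"line {number}: SSLProtocol {args} leaves SSLv2 enabled")
```

Each directive is judged on its own line; the check does not resolve which directive wins when server-level and virtual-host settings overlap.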