centos-announce-request at centos.org
2014-Apr-08 12:00 UTC
[CentOS] CentOS-announce Digest, Vol 110, Issue 5
Today's Topics:

   1. CVE-2014-0160 CentOS 6 openssl heartbleed workaround (Karanbir Singh)
   2. CESA-2014:0376 Important CentOS 6 openssl Update (Karanbir Singh)

----------------------------------------------------------------------

Message: 1
Date: Tue, 08 Apr 2014 03:11:01 +0100
From: Karanbir Singh <kbsingh at centos.org>
Subject: [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround
To: CentOS Announcements List <centos-announce at centos.org>
Message-ID: <53435AB5.8050605 at centos.org>
Content-Type: text/plain; charset=ISO-8859-1

Earlier in the day today, we were made aware of a serious issue in openssl as shipped in CentOS-6.5 ( including updates issued since CentOS-6.5 was released ); This issue is addressed in detail at http://heartbleed.com/

Upstream have not released a patched version of openssl, although we are reliably informed that there is quite a bit of effort ongoing to release a patched package soon.

As an interim workaround, we are releasing packages that disable the exploitable code using the published workaround ( tls heartbeat ); Note that these packages do not resolve the issue, they merely disable the feature that is being exploited.

i386:
58ac5c57e0bcc3a34434973244ddb5eaf1323ef4ff1341f8ad78ec722a794238 openssl-1.0.1e-16.el6_5.4.0.1.centos.i686.rpm
b4413e3509647ca7ad2d9d3eb7d53b367b7ea0d43a0d3553c9e517fdfc0a81a7 openssl-devel-1.0.1e-16.el6_5.4.0.1.centos.i686.rpm
12e4456c9c9783fb08794d6a96b5aba4ee28d146b836d626cd1c6b073710d62a openssl-perl-1.0.1e-16.el6_5.4.0.1.centos.i686.rpm
8fbf30e0e237a772417013e81144715d7422fcb585e58adba9635164e3598f4e openssl-static-1.0.1e-16.el6_5.4.0.1.centos.i686.rpm

x86_64:
58ac5c57e0bcc3a34434973244ddb5eaf1323ef4ff1341f8ad78ec722a794238 openssl-1.0.1e-16.el6_5.4.0.1.centos.i686.rpm
80d3f839551280bec1aafaacbaddde6b4112c5d64ed4f5ecd2cb3974785319c0 openssl-1.0.1e-16.el6_5.4.0.1.centos.x86_64.rpm
b4413e3509647ca7ad2d9d3eb7d53b367b7ea0d43a0d3553c9e517fdfc0a81a7 openssl-devel-1.0.1e-16.el6_5.4.0.1.centos.i686.rpm
fc146768d01e92c1dca6b8fffc2b272e62ee7e30c8004e64aa6c5a62707d8d30 openssl-devel-1.0.1e-16.el6_5.4.0.1.centos.x86_64.rpm
8a91c231fe0b021613f784bac7d31e9468a2b286f75afb0276e8b4fe33020092 openssl-perl-1.0.1e-16.el6_5.4.0.1.centos.x86_64.rpm
fa2d68756a47d41ee227dcdc3de878c8f4edfb1d7b17b4b96027c991406aa4ee openssl-static-1.0.1e-16.el6_5.4.0.1.centos.x86_64.rpm

----
Notes:
1) All versions of CentOS prior to 6.5 are unaffected.
2) the release tag in these packages is marked in a manner that the next upstream version will override and replace these packages.

ref:
- http://heartbleed.com/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0160
- https://access.redhat.com/security/cve/CVE-2014-0160

--
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc

------------------------------

Message: 2
Date: Tue, 8 Apr 2014 02:54:58 +0000
From: Karanbir Singh <kbsingh at centos.org>
Subject: [CentOS-announce] CESA-2014:0376 Important CentOS 6 openssl Update
To: centos-announce at centos.org
Message-ID: <20140408025458.GA45134 at n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2014:0376 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0376.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

i386:
6ceff4bad2608484b9b9ab74b8e9047b593b6b7a6ca5ba3cc16db7d8b447f1d8 openssl-1.0.1e-16.el6_5.7.i686.rpm
ef6c735885f24ca8618357b880e8cdc6fcb7c6895d99f740169684a3a6f0b8ba openssl-devel-1.0.1e-16.el6_5.7.i686.rpm
5724d24708d8b62ee48585ea530d379c258a9dd537ce3d350a61af4489c11ea5 openssl-perl-1.0.1e-16.el6_5.7.i686.rpm
601108f27b4716355d972d70e8711b6ff53f4375962b3d6e81321736c6709b90 openssl-static-1.0.1e-16.el6_5.7.i686.rpm

x86_64:
6ceff4bad2608484b9b9ab74b8e9047b593b6b7a6ca5ba3cc16db7d8b447f1d8 openssl-1.0.1e-16.el6_5.7.i686.rpm
42cdc321aa3d46889c395c5d6dc11961ed86be5f4d98af0d6399d6c4e1233712 openssl-1.0.1e-16.el6_5.7.x86_64.rpm
ef6c735885f24ca8618357b880e8cdc6fcb7c6895d99f740169684a3a6f0b8ba openssl-devel-1.0.1e-16.el6_5.7.i686.rpm
3328f32f211b2e136c25ec8538c768049f288f0b410932b31880fa4b4de8e73b openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm
89cdbaed00f8348a6a6d567c6c1eb8aba9f94578653be475e826e24c51f10594 openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm
9222db08c5cbf4fded04fd7d060f5b91ed396665e2baa4c899fc2aa8aa9297d0 openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm

Source:
3a08cda99f54b97c027ed32758e7b1ddcff635be5c3737c1e9084321561a015d openssl-1.0.1e-16.el6_5.7.src.rpm

--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #centos at irc.freenode.net
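
Note 2 of the first message says the interim packages carry a release tag that the next upstream build will override. The following is an added example, not code from the CentOS Project: a simplified form of RPM's segment-by-segment version comparison (tilde and caret are not handled), applied to the release tags in the two announcements. The file name with release `16.el6_5.4` is a constructed sample used only to show the ordering, and `classify` assumes the package version is 1.0.1e.

```python
import re
from itertools import zip_longest

# Release tags taken from the package file names in the two announcements.
INTERIM = "16.el6_5.4.0.1.centos"  # heartbeat-disabled workaround build
FIXED = "16.el6_5.7"               # CESA-2014:0376 update


def split_rpm_filename(filename):
    """Return (name, version, release, arch) from an RPM file name."""
    stem, arch = filename[:-len(".rpm")].rsplit(".", 1)
    name, version, release = stem.rsplit("-", 2)
    return name, version, release, arch


def rpmvercmp(a, b):
    """Compare two version/release strings; return -1, 0 or 1.

    Simplified form of RPM's algorithm: split into runs of digits or
    letters, compare pairwise, digits beat letters, and the string with
    segments left over is the newer one. Tilde and caret are not handled.
    """
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip_longest(seg_a, seg_b):
        if x is None or y is None:
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return 0


def classify(filename):
    """Place an openssl 1.0.1e package relative to the two announcements."""
    _, _, release, _ = split_rpm_filename(filename)
    if rpmvercmp(release, FIXED) >= 0:
        return "update or newer"
    if rpmvercmp(release, INTERIM) >= 0:
        return "interim workaround"
    return "older than interim"


if __name__ == "__main__":
    for f in ("openssl-1.0.1e-16.el6_5.4.x86_64.rpm",  # constructed sample
              "openssl-1.0.1e-16.el6_5.4.0.1.centos.x86_64.rpm",
              "openssl-1.0.1e-16.el6_5.7.x86_64.rpm"):
        print(f, "->", classify(f))
```

The interim tag sorts below `16.el6_5.7` because the comparison reaches the segment `4` against `7` before the `.0.1.centos` suffix is considered, so a normal update replaces the workaround build.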