Johnny Hughes
2014-Oct-16  20:48 UTC
[CentOS-announce] CESA-2014:1652 Important CentOS 6 openssl Security Update
CentOS Errata and Security Advisory 2014:1652 
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
-----------------------------
i386
-----------------------------
5898ac3179dfdd904c352badd79b6f5ec702315f4bc7b8989de8f114304fbd78 openssl-1.0.1e-30.el6_5.2.i686.rpm
dcc5d47340d69f53af592a92282df89ef3bd4705ce34f4a57a93d211e93cfd7d openssl-devel-1.0.1e-30.el6_5.2.i686.rpm
dc42eb136b3cfef78d590d4ab29d36e5e5951bc9433d20d5ca633033d960a00d openssl-perl-1.0.1e-30.el6_5.2.i686.rpm
95e67f00f7d58348e5f0df6ac74d7baecb9d5fc214d58ad257a14bec353219a3 openssl-static-1.0.1e-30.el6_5.2.i686.rpm
-----------------------------
X86_64
-----------------------------
5898ac3179dfdd904c352badd79b6f5ec702315f4bc7b8989de8f114304fbd78 openssl-1.0.1e-30.el6_5.2.i686.rpm
17bfdb52afcb2ebaa16875819b9d8d2f3dc84eb061ee3e194da14e286bc76029 openssl-1.0.1e-30.el6_5.2.x86_64.rpm
dcc5d47340d69f53af592a92282df89ef3bd4705ce34f4a57a93d211e93cfd7d openssl-devel-1.0.1e-30.el6_5.2.i686.rpm
7c390aab888c07887fc783686f42216711665738e58c2b23029748292dd0f96d openssl-devel-1.0.1e-30.el6_5.2.x86_64.rpm
dfdcf88163743d5f4fda06a69cba00b822b73ba66aa5841faf8c0e9841b91bcb openssl-perl-1.0.1e-30.el6_5.2.x86_64.rpm
0f8cc0615d96d4d7e74b5ffc109143873510406dbb6be679d4ab94bd4f731cdb openssl-static-1.0.1e-30.el6_5.2.x86_64.rpm
-----------------------------
Source:
-----------------------------
1a1c3ed0d8eb5775d89b726e7f19ff2d8b52b7ef27f6e36260e83ffc40328460 openssl-1.0.1e-30.el6_5.2.src.rpm
====================================================
The following upstream security issues are addressed in this update:
https://rhn.redhat.com/errata/RHSA-2014-1652.html
====================================================
NOTE: This update is released into the CentOS-6.5 tree and has a .el6_5 dist
tag, *NOT* the .el6_6 dist tag that Red Hat used for RHEL in the link above.
This update was built against 'CentOS-6.5 + updates' and that is where it is
intended to be used.
The CentOS team will build and release an openssl-1.0.1e-30.el6_6.2.src.rpm as
a zero day update to CentOS-6.6 when that is released as we are currently
building CentOS-6.6 from the released Red Hat Enterprise Linux sources.
Please also note that even after installing this update, further action is
required to mitigate the POODLE issue on CentOS-6. Please see this link for
steps to take and ways to test for both the POODLE and TLS_FALLBACK_SCSV issues.
http://wiki.centos.org/Security/POODLE
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
David Hrbáč
2014-Oct-20  09:20 UTC
[CentOS] [CentOS-announce] CESA-2014:1652 Important CentOS 6 openssl Security Update
Hi,

This announcement has a different body scheme than the rest of the announcement messages. Is it a new scheme? It breaks the importing scripts...

Thanks,
DH
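The "( sha256sum Filename )" manifest in the advisory, grouped under the i386, X86_64 and Source headers, can be parsed and checked against downloaded files. This is an added example, not part of the original messages or of any CentOS tooling: the function names are hypothetical, the sample packages and digests are constructed in the code, and the parser assumes a digest and its filename appear either on one line or on consecutive lines, optionally `>`-quoted.

```python
import hashlib, re, tempfile
from pathlib import Path

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
SECTION_RE = re.compile(r"^(i386|x86_64|source):?$", re.IGNORECASE)

def parse_manifest(body):
    """Return {section: {filename: sha256}} from a CESA-style message body."""
    sections, current, pending = {}, None, None
    for raw in body.splitlines():
        tokens = raw.lstrip("> ").split()          # tolerate ">"-quoted replies
        section = SECTION_RE.match(tokens[0]) if len(tokens) == 1 else None
        if section:
            current = sections.setdefault(section.group(1).lower(), {})
            pending = None                         # no pair spans a section header
        elif tokens and current is not None and SHA256_RE.match(tokens[0]):
            if len(tokens) == 2:                   # "digest filename" on one line
                current[tokens[1]] = tokens[0]
            pending = tokens[0] if len(tokens) == 1 else None
        elif pending and len(tokens) == 1 and tokens[0].endswith(".rpm"):
            current[tokens[0]] = pending           # filename on the following line
            pending = None
        elif tokens:
            pending = None                         # any other text breaks a pair
    return sections

def verify(sections, section, directory):
    """Map each file listed for `section` to 'ok', 'mismatch' or 'missing'."""
    result = {}
    for name, expected in sections.get(section, {}).items():
        path = Path(directory) / Path(name).name   # basename only, no traversal
        digest = hashlib.sha256(path.read_bytes()).hexdigest() if path.is_file() else None
        result[name] = "missing" if digest is None else "ok" if digest == expected else "mismatch"
    return result

def demo():
    """Constructed sample: fake package bytes, digests computed here, not real ones."""
    good = b"constructed package A"
    sha = lambda data: hashlib.sha256(data).hexdigest()
    body = "\n".join([
        "i386", sha(good), "pkg-a-1.0.i686.rpm",            # split layout
        "X86_64", sha(good) + " pkg-a-1.0.i686.rpm",        # one-line layout
        sha(b"constructed package B") + " pkg-b-1.0.x86_64.rpm",
        sha(b"constructed package C") + " pkg-c-1.0.x86_64.rpm"])
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "pkg-a-1.0.i686.rpm").write_bytes(good)
        (Path(d) / "pkg-b-1.0.x86_64.rpm").write_bytes(b"tampered")  # altered file
        return verify(parse_manifest(body), "x86_64", d)
```

A check like this compares a download against the announcement text; it complements the RPM signature verification that yum performs rather than replacing it.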