The following updates address POODLE on CentOS:
CentOS-5:
http://lists.centos.org/pipermail/centos-announce/2014-October/020696.html
CentOS-6.5:
http://lists.centos.org/pipermail/centos-announce/2014-October/020697.html
CentOS-7:
http://lists.centos.org/pipermail/centos-announce/2014-October/020695.html
Please note that the CentOS-6.5 updates are built from:
openssl-1.0.1e-30.el6_5.2.src.rpm
This is the version that Red Hat released for RHEL 6.6 as
openssl-1.0.1e-30.el6_6.2.src.rpm. Notice that the dist tag is different for
our release.
The reason is that we are currently working on CentOS-6.6 and it will not be
released for several more days. Rather than wait on the POODLE issue, the
CentOS team decided to build a version of this update for 6.5:
(the current release, built from openssl-1.0.1e-30.el6_5.2.src.rpm) as well a
version based on openssl-1.0.1e-30.el6_6.2.src.rpm as a zeroday update for
CentOS-6.6 when it is released.
You must also take action to disable SSLv3 as well as installing these update to
mitigate POODLE on CentOS-5, CentOS-6 and/or CentOS-7, please see this link for
details:
http://wiki.centos.org/Security/POODLE
Thanks,
Johnny Hughes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20141016/466453ce/attachment-0003.sig>