SCIENTIFIC-LINUX-ERRATA Archives

April 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Tue, 8 Apr 2014 13:39:35 +0000
Synopsis:          Important: openssl security update
Advisory ID:       SLSA-2014:0376-1
Issue Date:        2014-04-08
CVE Numbers:       CVE-2014-0160
--

An information disclosure flaw was found in the way OpenSSL handled TLS
and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or
server could send a specially crafted TLS or DTLS Heartbeat packet to
disclose a limited portion of memory per request from a connected client
or server. Note that the disclosed portions of memory could potentially
include sensitive information such as private keys. (CVE-2014-0160)

For the update to take effect, all services linked to the OpenSSL library
(such as httpd and other SSL-enabled services) must be restarted or the
system rebooted.
--

SL6
  x86_64
    openssl-1.0.1e-16.el6_5.7.i686.rpm
    openssl-1.0.1e-16.el6_5.7.x86_64.rpm
    openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm
    openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm
    openssl-devel-1.0.1e-16.el6_5.7.i686.rpm
    openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm
    openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm
    openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm
  i386
    openssl-1.0.1e-16.el6_5.7.i686.rpm
    openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm
    openssl-devel-1.0.1e-16.el6_5.7.i686.rpm
    openssl-perl-1.0.1e-16.el6_5.7.i686.rpm
    openssl-static-1.0.1e-16.el6_5.7.i686.rpm

- Scientific Linux Development Team
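
One way to check the restart requirement above on a running host (an added example, not part of the advisory or of any Scientific Linux tooling): once the package is replaced, processes started before the update still map the old library file, which the kernel marks "(deleted)" in /proc/<pid>/maps. The function names and the sample mapping lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes that still map a replaced (deleted) copy of
# libssl/libcrypto and therefore still need a restart after the update.

# Read /proc/<pid>/maps-format text on stdin; print the unique paths of
# libssl/libcrypto mappings that the kernel marks "(deleted)".
stale_openssl_maps() {
    awk '$NF == "(deleted)" && $(NF-1) ~ "/lib(ssl|crypto)[^/]*[.]so[^/]*$" {
             print $(NF-1)
         }' | sort -u
}

# Walk a proc-style directory (default /proc) and print
# "pid<TAB>command<TAB>stale library" for every affected process.
scan_procs() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        pid=${dir##*/}
        name=$(cat "$dir/comm" 2>/dev/null) || name='?'
        { stale_openssl_maps < "$dir/maps"; } 2>/dev/null |
        while IFS= read -r lib; do
            printf '%s\t%s\t%s\n' "$pid" "${name:-?}" "$lib"
        done
    done
}

# Constructed sample of a maps file from a process started before the update.
sample_maps() {
    cat <<'EOF'
7f3a1c000000-7f3a1c05e000 r-xp 00000000 fd:00 131201 /usr/lib64/libssl.so.1.0.1e (deleted)
7f3a1c25e000-7f3a1c262000 r--p 0005e000 fd:00 131201 /usr/lib64/libssl.so.1.0.1e (deleted)
7f3a1b800000-7f3a1b9b2000 r-xp 00000000 fd:00 131199 /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f3a1b000000-7f3a1b18a000 r-xp 00000000 fd:00 130822 /lib64/libc-2.12.so
7f3a1a000000-7f3a1a002000 rw-p 00000000 00:00 0
EOF
}

# Run as root to see every process; an empty result means nothing is pending.
scan_procs "${1:-/proc}"
```

Any process listed is still running the pre-update library code and must be restarted for the fix to apply to it.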
