On 12/06/2013 04:17 AM, Cristina Aiftimiei wrote: > On 12/6/13 10:43 AM, Stephan Wiesand wrote: >> Dear Cristina, >> >> On 2013-12-06, at 9:46, Cristina Aiftimiei >> <[log in to unmask]> wrote: >> >>> Dear all, >>> >>> I hope it is the right place to ask. If not please let me know who >>> else I shoul contact. >>> >>> There was an update few days ago: >>> http://listserv.fnal.gov/scripts/wa.exe?A2=ind1312&L=scientific-linux-errata&T=0&P=571 >>> >>> that broke some of our sevices/components/software that use openssl >>> with the following error: >>> Socket error contacting >>> https://grid-voms.desy.de:8443/voms/desy/services/VOMSAdmin: [Errno >>> 1] _ssl.c:492: error:100AE081:elliptic curve >>> routines:EC_GROUP_new_by_curve_name:unknown group >>> >>> seems to be somethign known, that references also some bugs >>> http://comments.gmane.org/gmane.mail.postfix.user/239960 >>> >>> For the moment I "solved" the issue in a very ugly way, by >>> protecting in a local repository the previous version of openssl, >>> openssl-1.0.0-27.el6_4.2. >>> Been an sl-security update I would like to ask you if there are >>> specific security fixes provided with the 1.0.1e-15 version ( the >>> release notes talk only of "added for dependency resolution ") >>> >>> Do you know if the issue reported in RHEL will/can be fixed in SL6? >> looks like it was tracked in BZ #1025598 and should be fixed in >> openssl-1.0.1e-16.el6_5 . Until it appears in fastbugs, one could >> probably use the centos packages. > thank you very much!! > I forgot mentioning that in CEntOS there was the 16 :-). and ask if I > could use it. > > One of the issues I observed was that the packages updated(hence > build) after the release of the 1.0.1e-15 depend on the new opessl > library so by "protecting" I should also advice to exclude certain > packages ( that for the moment we not use anyhow), like ruby. > > II'll take the "16" version for the moment. > > Thank youv ery much again, > Cristina > >> Thanks for the heads up, >> Stephan >> >>> Thank you very much, >>> Cristina > I've just pushed the SL6.5 fastbugs into 6rolling. http://ftp.scientificlinux.org/linux/scientific/6rolling/ Pat -- Pat Riehecky Scientific Linux developer http://www.scientificlinux.org/