This is a reminder of this security errata.

Any SL6 system should apply this update.

If your system has been applying security errata regularly it is vulnerable until this update is applied.

Systems with yum-autoupdate enabled using the default configuration have the update applied and only need to restart applications linked against openssl.

All applications linked against openssl must be restarted for this update to take effect.

Pat

-------- Original Message --------
Subject: [SCIENTIFIC-LINUX-ERRATA] Security ERRATA Important: openssl on SL6.x i386/x86_64
Date: Tue, 8 Apr 2014 13:39:35 +0000
From: Pat Riehecky <[log in to unmask]>
Reply-To: <[log in to unmask]>
To: <[log in to unmask]>

Synopsis:          Important: openssl security update
Advisory ID:       SLSA-2014:0376-1
Issue Date:        2014-04-08
CVE Numbers:       CVE-2014-0160
--

An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160)

For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
--

SL6
  x86_64
    openssl-1.0.1e-16.el6_5.7.i686.rpm
    openssl-1.0.1e-16.el6_5.7.x86_64.rpm
    openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm
    openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm
    openssl-devel-1.0.1e-16.el6_5.7.i686.rpm
    openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm
    openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm
    openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm
  i386
    openssl-1.0.1e-16.el6_5.7.i686.rpm
    openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm
    openssl-devel-1.0.1e-16.el6_5.7.i686.rpm
    openssl-perl-1.0.1e-16.el6_5.7.i686.rpm
    openssl-static-1.0.1e-16.el6_5.7.i686.rpm

- Scientific Linux Development Team
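
Added example, not part of the original advisory or of Scientific Linux tooling: a shell check for the restart requirement stated above, listing processes that still map the replaced libssl/libcrypto file. The function names, the sample PIDs and maps lines, and the library paths are constructed assumptions for illustration.

```shell
#!/bin/sh
# After the RPM replaces libssl/libcrypto on disk, a process that has not been
# restarted keeps the old file mapped; /proc/<pid>/maps then shows the path
# followed by " (deleted)".

# stale_openssl_libs MAPS_FILE: print each distinct deleted libssl/libcrypto path.
stale_openssl_libs() {
    awk '$NF == "(deleted)" && $6 ~ "/lib(ssl|crypto)\\.so[^/]*$" && !seen[$6]++ { print $6 }' "$1"
}

# scan_proc [PROC_ROOT]: print "PID<TAB>COMM<TAB>LIBRARY" for each affected process.
scan_proc() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        libs=$(stale_openssl_libs "$maps" 2>/dev/null) || continue
        [ -n "$libs" ] || continue
        dir=${maps%/maps}
        name=$(cat "$dir/comm" 2>/dev/null) || name='?'
        for lib in $libs; do
            printf '%s\t%s\t%s\n' "${dir##*/}" "$name" "$lib"
        done
    done
}

# make_sample_proc DIR: constructed sample data (not captured from a real host).
# PID 1201 still maps the pre-update libraries; PID 1350 was restarted.
make_sample_proc() {
    mkdir -p "$1/1201" "$1/1350"
    echo httpd > "$1/1201/comm"
    echo sshd > "$1/1350/comm"
    cat > "$1/1201/maps" <<'EOF'
7f3a10000000-7f3a10060000 r-xp 00000000 fd:00 393301 /usr/lib64/libssl.so.1.0.1e (deleted)
7f3a10260000-7f3a10264000 r--p 00060000 fd:00 393301 /usr/lib64/libssl.so.1.0.1e (deleted)
7f3a0fc00000-7f3a0fdb0000 r-xp 00000000 fd:00 393299 /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f3a11000000-7f3a11020000 r-xp 00000000 fd:00 131090 /lib64/ld-2.12.so
EOF
    cat > "$1/1350/maps" <<'EOF'
7f5b20000000-7f5b201b0000 r-xp 00000000 fd:00 393410 /usr/lib64/libcrypto.so.1.0.1e
7f5b21000000-7f5b21020000 r-xp 00000000 fd:00 131090 /lib64/ld-2.12.so
EOF
}

# Demo on the constructed tree; on a real host call `scan_proc` with no argument.
demo=$(mktemp -d)
make_sample_proc "$demo"
scan_proc "$demo"
rm -rf "$demo"
```

Reading other users' maps files under the real /proc requires root; an empty result after the update means no running process still holds the old library.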