This is a reminder of this security errata.
Any SL6 system should apply this update. If your system has been
applying security errata regularly it is vulnerable until this update is
applied.
Systems with yum-autoupdate enabled using the default configuration have
the update applied and only need to restart applications linked against
openssl.
All applications linked against openssl must be restarted for this
update to take effect.
Pat
-------- Original Message --------
Subject: [SCIENTIFIC-LINUX-ERRATA] Security ERRATA Important: openssl
on SL6.x i386/x86_64
Date: Tue, 8 Apr 2014 13:39:35 +0000
From: Pat Riehecky <[log in to unmask]>
Reply-To: <[log in to unmask]>
To: <[log in to unmask]>
Synopsis: Important: openssl security update
Advisory ID: SLSA-2014:0376-1
Issue Date: 2014-04-08
CVE Numbers: CVE-2014-0160
--
An information disclosure flaw was found in the way OpenSSL handled TLS
and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or
server could send a specially crafted TLS or DTLS Heartbeat packet to
disclose a limited portion of memory per request from a connected client
or server. Note that the disclosed portions of memory could potentially
include sensitive information such as private keys. (CVE-2014-0160)
For the update to take effect, all services linked to the OpenSSL library
(such as httpd and other SSL-enabled services) must be restarted or the
system rebooted.
--
SL6
x86_64
openssl-1.0.1e-16.el6_5.7.i686.rpm
openssl-1.0.1e-16.el6_5.7.x86_64.rpm
openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm
openssl-devel-1.0.1e-16.el6_5.7.i686.rpm
openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm
openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm
openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm
i386
openssl-1.0.1e-16.el6_5.7.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm
openssl-devel-1.0.1e-16.el6_5.7.i686.rpm
openssl-perl-1.0.1e-16.el6_5.7.i686.rpm
openssl-static-1.0.1e-16.el6_5.7.i686.rpm
- Scientific Linux Development Team