On Tue, 8 Apr 2014, Michael Rasmussen wrote:
Rich Shepard wrote:
For those who don't follow Brian Krebs' blog (krebsonsecurity.com) or other Web security sites: openssl-1.0.1 through -1.0.1f has a critical vulnerability and a simple exploit is circulating on the Web. If you run an outward-facing httpd that uses openssl upgrade to -1.0.1g now.Or downgrade or remain at downgraded version. RHEL and SuSE Enterprise are both on 0.9.8.x versions. Saved me a lot of grief at work.
RHEL 5 using 0.9.8, but RHEL (and CentOS) 6 use a vulnerable version, though a patch has been released.
See http://heartbleed.com/ for vulnerability info. It's pretty serious. -- Paul Heinlein [email protected] 45°38' N, 122°6' W
_______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
