Yeah been reviewing this but nothing has changed with ossec usage of OpenSSL in any released versions of the code. Things to make note of is ossec-authd makes use of OpenSSL but provides encrypted transport but zero, nine, nada authentication / authorization. So the bugs outline don't look to increase the exposure anymore then what is in place (aka nothing and no protection of man in the middle attacks).
Some code that has landed in master changes this and I am actively reviewing all the bugs and the effects on the pull request. https://github.com/ossec/ossec-hids/pull/205 > On Jun 5, 2014, at 4:52 PM, "BBcan177" <[email protected]> wrote: > > http://www.openssl.org/news/secadv_20140605.txt > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
