Re: [qmailtoaster] heartbleed bug

2014-04-08 Thread Steve Huff
hey folks - please be aware that simply patching OpenSSL is NOT sufficient to 
mitigate the risk.  if you have been using a RHEL/CentOS 6 system to host 
services secured by SSL, then you should consider your keys compromised, revoke 
your keys, and deploy new keys and new certs.

read http://heartbleed.com to learn more.

-steve

On Apr 8, 2014, at 7:57 PM, Cecil Yother, Jr. wrote:

> FYI, This fix has only come out in the past few days.
> On 04/08/2014 04:54 PM, Eric Shubert wrote:
>> On 04/08/2014 01:04 PM, Peter Peterse wrote:
>>> Finn Buhelt wrote on 8-4-2014 21:53:
>>>> Hi list
>>>>
>>>> Will this affect QMT? (latest release uses openssl-1.01 which is hit)
>>>>
>>>> "New security holes are always showing up. The latest one, the
>>>> so-called Heartbleed Bug in the OpenSSL cryptographic library, is
>>>> an especially bad one" - taken from zdnet.com
>>>>
>>>> Regards,
>>>> Finn
>>>
>>> Hi Finn, 
>>> 
>>> I've read CentOS 6 is affected and CentOS 5 not. 
>>> 
>>> CentOS 5.10 contains OpenSSL 0.9.8e 
>>> 
>>> Regards, 
>>> Peter 
>> 
>> RHEL/CentOS has fixed this in openssl-1.0.1e-16.el6_5.7 
>> The fixed package was in all of the mirrors I happened to catch. 
>> 
>> To check if your package has the fix applied, you can: 
>> $ rpm -q openssl --changelog | grep CVE-2014-0160 
>> If you get nothing back (and you're on COS6) you should (yum) update your 
>> openssl package. 
>> 
> 

-- 
http://five.sentenc.es
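
The two checks raised in this thread (is the fixed package installed, and were the certs issued before the fix), combined as an added example that is not part of any poster's message. It assumes GNU date; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Heuristic only: a certificate issued
# after the fix can still wrap an old, exposed key, so generate a new key too.

# Succeeds if the RPM changelog text on stdin mentions the Heartbleed fix.
changelog_has_fix() {
    grep -q 'CVE-2014-0160'
}

# Turns an `openssl x509 -noout -startdate` line into epoch seconds (GNU date).
not_before_epoch() {
    date -u -d "${1#notBefore=}" +%s
}

# triage CHANGELOG_TEXT NOTBEFORE_LINE FIX_INSTALL_EPOCH
# Prints UPDATE_OPENSSL, REISSUE_KEY_AND_CERT or CERT_POSTDATES_FIX.
triage() {
    if ! printf '%s\n' "$1" | changelog_has_fix; then
        echo UPDATE_OPENSSL
        return 0
    fi
    cert_epoch=$(not_before_epoch "$2") || return 2
    if [ "$cert_epoch" -lt "$3" ]; then
        echo REISSUE_KEY_AND_CERT
    else
        echo CERT_POSTDATES_FIX
    fi
}

# Constructed sample input (not real package or certificate data).
SAMPLE_CHANGELOG='* Mon Apr 07 2014 Example Packager <pkg@example.invalid>
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension'
SAMPLE_NOTBEFORE='notBefore=Jan 15 00:00:00 2014 GMT'
SAMPLE_FIX_EPOCH=$(date -u -d '2014-04-08 20:00:00' +%s)

triage "$SAMPLE_CHANGELOG" "$SAMPLE_NOTBEFORE" "$SAMPLE_FIX_EPOCH"

# On a live host (the certificate path is a placeholder):
#   triage "$(rpm -q openssl --changelog)" \
#          "$(openssl x509 -noout -startdate -in /path/to/server.pem)" \
#          "$(rpm -q --qf '%{INSTALLTIME}\n' openssl | sort -n | tail -n 1)"
```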





Re: [qmailtoaster] heartbleed bug

2014-04-08 Thread Peter Peterse
Finn Buhelt wrote on 8-4-2014 21:53:
> Hi list
>
> Will this affect QMT? (latest release uses openssl-1.01 which is hit)
>
> "New security holes are always showing up. The latest one, the
> so-called Heartbleed Bug in the OpenSSL cryptographic library, is
> an especially bad one" - taken from zdnet.com
>
> Regards,
> Finn

Hi Finn,

I've read CentOS 6 is affected and CentOS 5 not.

CentOS 5.10 contains OpenSSL 0.9.8e

Regards,
Peter