[opensuse] Heartbleed / OpenSSL fix?
Hi,
any word on when to expect fixed OpenSSL libs for 12.3 and 13.1?
-S
--
 (o_   Stefan Gofferje            | SCLT, MCP, CCSA
 //\   Reg'd Linux User #247167   | VCP #2263
 V_/_  Heckler & Koch - the original point and click interface
On Tue, Apr 08, 2014 at 08:15:59AM +0300, Stefan Gofferje wrote:
> Hi,
> any word on when to expect fixed OpenSSL libs for 12.3 and 13.1?

Hopefully today.

Ciao, Marcus
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/08/2014 09:58 AM, Marcus Meissner wrote:
> On Tue, Apr 08, 2014 at 08:15:59AM +0300, Stefan Gofferje wrote:
>> Hi,
>> any word on when to expect fixed OpenSSL libs for 12.3 and 13.1?
>
> Hopefully today.

There is a fix announced now but it says

libopenssl-devel-32bit-1.0.1e-1.44.1
libopenssl1_0_0-32bit-1.0.1e-1.44.1
libopenssl1_0_0-debuginfo-32bit-1.0.1e-1.44.1

1.0.1e... According to the original CVE, 1.0.1e is still vulnerable:

[snip]
Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.
[snap]
(https://www.openssl.org/news/secadv_20140407.txt)

@Marcus: Was the team too quick quickfixing?

-S
--
 (o_   Stefan Gofferje            | SCLT, MCP, CCSA
 //\   Reg'd Linux User #247167   | VCP #2263
 V_/_  Heckler & Koch - the original point and click interface
On Tue, Apr 08, 2014 at 02:18:27PM +0300, Stefan Gofferje wrote:
> On 04/08/2014 09:58 AM, Marcus Meissner wrote:
>> On Tue, Apr 08, 2014 at 08:15:59AM +0300, Stefan Gofferje wrote:
>>> Hi,
>>> any word on when to expect fixed OpenSSL libs for 12.3 and 13.1?
>>
>> Hopefully today.
>
> There is a fix announced now but it says
>
> libopenssl-devel-32bit-1.0.1e-1.44.1
> libopenssl1_0_0-32bit-1.0.1e-1.44.1
> libopenssl1_0_0-debuginfo-32bit-1.0.1e-1.44.1
>
> 1.0.1e... According to the original CVE, 1.0.1e is still vulnerable:
> [snip]
> Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
> 1.0.1f and 1.0.2-beta1.
> [snap]
> (https://www.openssl.org/news/secadv_20140407.txt)
>
> @Marcus: Was the team too quick quickfixing?

We are backporting security fixes as usual and not doing a version update.
So here in that case we backported the fix for the issue.

Ciao, Marcus
On 08/04/14 08:18, Stefan Gofferje wrote:
> On 04/08/2014 09:58 AM, Marcus Meissner wrote:
>> On Tue, Apr 08, 2014 at 08:15:59AM +0300, Stefan Gofferje wrote:
>>> Hi,
>>> any word on when to expect fixed OpenSSL libs for 12.3 and 13.1?
>>
>> Hopefully today.
>
> There is a fix announced now but it says
>
> libopenssl-devel-32bit-1.0.1e-1.44.1
> libopenssl1_0_0-32bit-1.0.1e-1.44.1
> libopenssl1_0_0-debuginfo-32bit-1.0.1e-1.44.1
>
> 1.0.1e... According to the original CVE, 1.0.1e is still vulnerable:
> [snip]
> Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
> 1.0.1f and 1.0.2-beta1.
> [snap]
> (https://www.openssl.org/news/secadv_20140407.txt)
>
> @Marcus: Was the team too quick quickfixing?

The distribution usually fixes this kind of problem with a source code
backport instead of a version update. In the particular case of 13.1,
upgrading the OpenSSL version should be fine though, as there is no ABI
change in between.

--
Cristian
"I don't know the key to success, but the key to failure is trying to
please everybody."
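An added example, not part of the thread or of any openSUSE tooling: it shows why a check keyed on the upstream version string flags a backported build, and how comparing the package's version-release against the fixed build named in the announcement (1.0.1e-1.44.1) settles the question. The function names, the simplified comparison (no epoch or tilde handling) and the older release string are assumptions made for illustration, and the comparison is only meaningful between builds from the same distribution update stream.

```python
import re

# Fixed build as quoted from the update announcement in the thread.
FIXED_EVR = "1.0.1e-1.44.1"
# Upstream versions named by the quoted advisory text (1.0.1 up to and
# including 1.0.1f); the 1.0.2-beta line is left out to keep this short.
UPSTREAM_AFFECTED = re.compile(r"^1\.0\.1[a-f]?$")

def _segments(s):
    # Split into runs of digits or letters, as rpm's comparison does.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpm_vercmp(a, b):
    """Simplified rpm-style compare of one component: returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # 44 > 9, unlike string compare
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alpha
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpm_vercmp(va, vb) or rpm_vercmp(ra, rb)

def assess(installed_evr):
    """Contrast the upstream-version verdict with the package-build verdict."""
    version = installed_evr.rsplit("-", 1)[0]
    return {
        "flagged_by_upstream_version": bool(UPSTREAM_AFFECTED.match(version)),
        "has_backported_fix": evr_cmp(installed_evr, FIXED_EVR) >= 0,
    }

if __name__ == "__main__":
    # Constructed sample: the announced build and a hypothetical older one.
    for evr in ("1.0.1e-1.44.1", "1.0.1e-1.40.1"):
        print(evr, assess(evr))
```

A build that is flagged by the upstream version but has the backported fix is the false positive discussed in this thread; the package changelog is the authoritative record of which fixes a build carries.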
On 04/08/2014 01:15 AM, Stefan Gofferje wrote:
> Hi,
> any word on when to expect fixed OpenSSL libs for 12.3 and 13.1?
> -S

Thanks to the security team for the quick fix :)

Later,
Robert
--
Robert Schweikert                      MAY THE SOURCE BE WITH YOU
SUSE-IBM Software Integration Center   LINUX
Tech Lead
Public Cloud Architect
rjschwei@suse.com
rschweik@ca.ibm.com
781-464-8147
On 08/04/14 12:17, Robert Schweikert wrote:
> On 04/08/2014 01:15 AM, Stefan Gofferje wrote:
>> Hi,
>> any word on when to expect fixed OpenSSL libs for 12.3 and 13.1?
>> -S
>
> Thanks to the security team for the quick fix :)

Depending on your needs and configuration you might want to revoke your
certificates as well...

--
Cristian
"I don't know the key to success, but the key to failure is trying to
please everybody."
participants (4): Cristian Rodríguez, Marcus Meissner, Robert Schweikert, Stefan Gofferje