SVG:Advisory-SVG-2015-8343
Jump to navigation
Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
Main page | Software Security Checklist | Issue Handling | Advisories | Notes On Risk | Advisory Template | More |
Advisory-SVG-2015-8343
** WHITE information - Unlimited distribution ** ** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions ** Title: OpenSSL updates released on 19th March 2015 and VOMS Date: 2015-03-17 Updated 2015-03-23, 2015-03-31 OpenSSL has released some updates at: https://www.openssl.org/ with the advisory at:-- https://www.openssl.org/news/secadv_20150319.txt The EGI SVG and CSIRT have looked at the advisory and think for the EGI infrastructure all of these issues are either not applicable or 'Low' risk. We previously stated that the latest version of OpenSSL for Debian breaks VOMS. The patch in Debian that prevented VOMS working has since been dropped, and VOMS works with the latest version of OpenSSL in Debian. Various tests have been carried out, and no problems have been found with the middleware and the recent versions of OpenSSL. Therefore we see no reason not to update. On behalf of the EGI SVG, CSIRT and the UMD release team,