EGI CSIRT:Alerts/Logjam-2015-05-29
** WHITE information - Unlimited distribution **
** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **

Title: EGI SVG 'Low' Risk - SSL TLS 'Logjam' vulnerability CVE-2015-4000
Date: 2015-05-29
Updated

There has been some publicity concerning the TLS 'Logjam' vulnerability CVE-2015-4000. This is described in [R 1], [R 2] hence we are sending this alert.

The EGI Software Vulnerability group and CSIRT have looked at this issue, and consider it to be 'Low' risk in the EGI environment.

Some items of Grid middleware may be affected by changes to OpenSSL [R 3] and this is being investigated.

Information is also available in the US National Vulnerability Database [R 4].

[R 1] https://weakdh.org/
[R 2] https://access.redhat.com/articles/1456263
[R 3] http://openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
[R 4] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4000