The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.
Difference between revisions of "SVG:Advisory-SVG-2015-8343"
Jump to navigation
Jump to search
(Created page with "{{svg-header}} <pre> ** WHITE information - Unlimited distribution ** ** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictio...") |
|||
| Line 22: | Line 22: | ||
https://www.openssl.org/news/secadv_20150319.txt | https://www.openssl.org/news/secadv_20150319.txt | ||
The EGI SVG and CSIRT have looked at the advisory and think for the EGI infrastructure all of these issues are either not applicable or 'Low' risk. | The EGI SVG and CSIRT have looked at the advisory and think for the EGI infrastructure | ||
all of these issues are either not applicable or 'Low' risk. | |||
We previously stated that the latest version of OpenSSL for Debian breaks VOMS. | We previously stated that the latest version of OpenSSL for Debian breaks VOMS. | ||
The patch in Debian that prevented VOMS working has since been dropped, and VOMS works with the latest version of OpenSSL in Debian. | The patch in Debian that prevented VOMS working has since been dropped, and VOMS works | ||
with the latest version of OpenSSL in Debian. | |||
Various tests have been carried out, and no problems have been found with the middleware and the recent versions of OpenSSL. Therefore we see no reason not to update. | Various tests have been carried out, and no problems have been found with the middleware | ||
and the recent versions of OpenSSL. Therefore we see no reason not to update. | |||
Latest revision as of 10:33, 1 April 2015
| Main page | Software Security Checklist | Issue Handling | Advisories | Notes On Risk | Advisory Template | More |
Advisory-SVG-2015-8343
** WHITE information - Unlimited distribution ** ** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions ** Title: OpenSSL updates released on 19th March 2015 and VOMS Date: 2015-03-17 Updated 2015-03-23, 2015-03-31 OpenSSL has released some updates at: https://www.openssl.org/ with the advisory at:-- https://www.openssl.org/news/secadv_20150319.txt The EGI SVG and CSIRT have looked at the advisory and think for the EGI infrastructure all of these issues are either not applicable or 'Low' risk. We previously stated that the latest version of OpenSSL for Debian breaks VOMS. The patch in Debian that prevented VOMS working has since been dropped, and VOMS works with the latest version of OpenSSL in Debian. Various tests have been carried out, and no problems have been found with the middleware and the recent versions of OpenSSL. Therefore we see no reason not to update. On behalf of the EGI SVG, CSIRT and the UMD release team,