
EGI CSIRT:Alerts/Logjam-2015-05-29



** WHITE information - Unlimited distribution                               **  

** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **


Title:       EGI SVG 'Low' Risk - SSL TLS 'Logjam' vulnerability CVE-2015-4000  

Date:        2015-05-29 
Updated     


There has been some publicity concerning the TLS 'Logjam' vulnerability CVE-2015-4000. 
  
This is described in [R 1] and [R 2], hence we are sending this alert.

The EGI Software Vulnerability group and CSIRT have looked at this issue, and consider it to be 'Low' risk 
in the EGI environment.  

Some items of Grid middleware may be affected by changes to OpenSSL [R 3] and this is being investigated. 

Information is also available in the US National Vulnerability Database [R 4].


[R 1] https://weakdh.org/

[R 2] https://access.redhat.com/articles/1456263

[R 3] http://openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
 
[R 4] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4000