Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

SVG:Advisory-SVG-2015-8343

From EGIWiki
Jump to navigation Jump to search
Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template More

Advisory-SVG-2015-8343



** WHITE information - Unlimited distribution                               **  

** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **


Title:       OpenSSL updates released on 19th March 2015 and VOMS  

Date:        2015-03-17 
Updated      2015-03-23, 2015-03-31


OpenSSL has released some updates at: 

https://www.openssl.org/

with the advisory at:--

https://www.openssl.org/news/secadv_20150319.txt

The EGI SVG and CSIRT have looked at the advisory and think for the EGI infrastructure 
all of these issues are either not applicable or 'Low' risk. 

We previously stated that the latest version of OpenSSL for Debian breaks VOMS.
The patch in Debian that prevented VOMS working has since been dropped, and VOMS works 
with the latest version of OpenSSL in Debian.

Various tests have been carried out, and no problems have been found with the middleware 
and the recent versions of OpenSSL. Therefore we see no reason not to update. 



On behalf of the  EGI SVG, CSIRT and the UMD release team,