SVG:Advisory-SVG-2015-8343

From EGIWiki
Jump to: navigation, search
Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template RAT/Membership Documents Assessment Secure Coding Info for SVG members

Advisory-SVG-2015-8343



** WHITE information - Unlimited distribution                               **  

** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **


Title:       OpenSSL updates released on 19th March 2015 and VOMS  

Date:        2015-03-17 
Updated      2015-03-23, 2015-03-31


OpenSSL has released some updates at: 

https://www.openssl.org/

with the advisory at:--

https://www.openssl.org/news/secadv_20150319.txt

The EGI SVG and CSIRT have looked at the advisory and think for the EGI infrastructure 
all of these issues are either not applicable or 'Low' risk. 

We previously stated that the latest version of OpenSSL for Debian breaks VOMS.
The patch in Debian that prevented VOMS working has since been dropped, and VOMS works 
with the latest version of OpenSSL in Debian.

Various tests have been carried out, and no problems have been found with the middleware 
and the recent versions of OpenSSL. Therefore we see no reason not to update. 



On behalf of the  EGI SVG, CSIRT and the UMD release team, 

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox
Print/export