From EGIWiki
Jump to: navigation, search
Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template More


** WHITE information - Unlimited distribution                               **  

** see for distribution restrictions **

Title:       OpenSSL updates released on 19th March 2015 and VOMS  

Date:        2015-03-17 
Updated      2015-03-23, 2015-03-31

OpenSSL has released some updates at:

with the advisory at:--

The EGI SVG and CSIRT have looked at the advisory and think for the EGI infrastructure 
all of these issues are either not applicable or 'Low' risk. 

We previously stated that the latest version of OpenSSL for Debian breaks VOMS.
The patch in Debian that prevented VOMS working has since been dropped, and VOMS works 
with the latest version of OpenSSL in Debian.

Various tests have been carried out, and no problems have been found with the middleware 
and the recent versions of OpenSSL. Therefore we see no reason not to update. 

On behalf of the  EGI SVG, CSIRT and the UMD release team,