[LON-CAPA-admin] Heartbleed?

Gerd Kortemeyer korte at lite.msu.edu
Tue Apr 15 08:17:42 EDT 2014


On Apr 15, 2014, at 8:07 AM, H. K. Ng <hkng at fsu.edu> wrote:

> Hi,
> From what I understand, any update on RH (centos) of openssl does not change the version number. It applies a patch to fix the bug. To see if the patch has been applied do
> rpm -q --changelog openssl | less
> The list should show a patch dated April 7 2014. Here are some of the discussions on the topic.

That is correct. Updating openssl on my CentOS 6.5 happened during routine “yum update”:

* Mon Apr 07 2014 Tomáš Mráz <tmraz at redhat.com> 1.0.1e-16.7
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension

- Gerd.

More information about the LON-CAPA-admin mailing list