[LON-CAPA-admin] Heartbleed?

Neubauer, Paul pneubauer at bsu.edu
Tue Apr 15 08:29:25 EDT 2014

Thanks, Stuart.

-----Original Message-----
From: lon-capa-admin-bounces at mail.lon-capa.org [mailto:lon-capa-admin-bounces at mail.lon-capa.org] On Behalf Of Stuart Raeburn
Sent: Tuesday, April 15, 2014 8:26 AM
To: lon-capa-admin at mail.lon-capa.org
Subject: Re: [LON-CAPA-admin] Heartbleed?


According to the CentOS announce list:

openssl 1.0.1e-16.el6_5.7 released by CentOS on 4/8 includes the  
RedHat fix for the heartbleed bug in the openssl rpm originally  
included with CentOS 6.5.

for details.

> Is there any plan to add 1.0.1g to the repository any time soon?

If you mean LON-CAPA's repository of RPMs for CentOS at:  

then the answer would be no.

I typically only create RPMs in cases where the standard repositories  
provided by the Linux distro maintainers do not contain a particular  
package which LON-CAPA requires, or there is functionality in a more  
recent version of a package than the one provided by the distro which  
LON-CAPA requires.

In the case of security fixes the expectation is that the distro  
maintainers will patch their own RPMs, as was the case here with the  
patch to openssl 1.0.1e on 4/8.

The CentOS maintainers released openssl-1.0.1e-16.el6_5.4.0.1.centos  
as a preliminary patch on 4/8 at 02:11 UTC, and then released  
openssl-1.0.1e-16.el6_5.7 on 4/8 at 02:55 UTC once the upstream  
maintainers (RedHat) had made that available.

Note: the heartbleed bug did not affect CentOS 5 which has:  

Stuart Raeburn
LON-CAPA Academic Consortium

Quoting "Neubauer, Paul" <pneubauer at bsu.edu>:

> Hello all,
> I see that the latest list of "RPMs to update" only includes
> openssl.x86_64                             1.0.1e-16.el6_5.7          
>      updates
> According to the openssl.org website, the Heartbleed bug affects   
> versions through 1.0.1f and the fixed version is 1.0.1g.
> Is there any plan to add 1.0.1g to the repository any time soon?   
> Alternatively, does anyone have a suggestion for a repository with   
> 1.0.1g?
> Thanks,
> Paul

LON-CAPA-admin mailing list
LON-CAPA-admin at mail.lon-capa.org

More information about the LON-CAPA-admin mailing list