[RndTbl] OpenSSL again: update now
Trevor Cordes
trevor at tecnopolis.ca
Fri Jun 6 23:01:30 CDT 2014
Obviously OpenSSL is getting the royal treatment of scrutiny now...
these two bugs were fixed this week, and both are potentially very
nasty.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
could allow remote arbitrary code execution in a default setup
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
was considered bad enough by the Fedora people to issue a separate
warning statement (they almost never do that), though it depends on
both sides using OpenSSL, which would be rare-ish in the browser world
dominated by FF, Chrome, IE, etc, under normal use cases
Don't forget to restart your httpd (and every other "d" that uses
OpenSSL) after updating!
More information about the Roundtable
mailing list