[RndTbl] OpenSSL again: update now

Trevor Cordes trevor at tecnopolis.ca
Fri Jun 6 23:01:30 CDT 2014


Obviously OpenSSL is getting the royal treatment of scrutiny now...
these two bugs were fixed this week, and both are potentially very
nasty.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
could allow remote arbitrary code execution in a default setup

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
was considered bad enough by the Fedora people to issue a separate
warning statement (they almost never do that), though it depends on
both sides using OpenSSL, which would be rare-ish in the browser world
dominated by FF, Chrome, IE, etc., under normal use cases.

Don't forget to restart your httpd (and every other "d" that uses
OpenSSL) after updating!
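
One way to find which daemons still need that restart on Linux, as an added example that is not part of the original post: after an update replaces libssl/libcrypto on disk, a running process keeps the old file mapped and the kernel marks the mapping "(deleted)" in /proc/<pid>/maps. The function names and the `--scan` argument are this example's own; run it as root to see other users' processes.

```shell
#!/bin/sh
# Added example: list processes still running a pre-update copy of OpenSSL.
# /proc/<pid>/maps columns: address perms offset dev inode pathname [(deleted)]

# stale_openssl_maps FILE
# Print each distinct libssl/libcrypto path that FILE (maps format) shows as
# mapped but deleted from disk. Exit status 0 if any were found, 1 otherwise.
stale_openssl_maps() {
    awk '
        $NF == "(deleted)" && $6 ~ "/lib(ssl|crypto)[^/]*[.]so" {
            if (!seen[$6]++) print $6
            found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# scan_stale_openssl
# Walk every readable /proc/<pid>/maps and print "pid<TAB>name<TAB>libs" for
# each process that needs a restart. Exit status 0 if at least one was found.
scan_stale_openssl() {
    rc=1
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # Processes can exit mid-scan; treat read errors as "nothing stale".
        libs=$(stale_openssl_maps "$maps" 2>/dev/null) || continue
        pid=${maps#/proc/}
        pid=${pid%/maps}
        name=$(cat "/proc/$pid/comm" 2>/dev/null)
        printf '%s\t%s\t%s\n' "$pid" "${name:-?}" "$(printf '%s' "$libs" | tr '\n' ' ')"
        rc=0
    done
    return $rc
}

if [ "${1:-}" = "--scan" ]; then
    scan_stale_openssl || echo "no process is using a deleted OpenSSL library"
fi
```

An empty result only means no process maps a deleted shared copy; a statically linked binary would not show up this way.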

