[BlueOnyx:15163] Re: OpenSSL (CenOS-6.5/SL-6.5) CVE-2014-0160

[Michael Stauber]

Hi Alex,

> A yum --list gives:
> yum list openssl
> Loaded plugins: security
> Installed Packages
> openssl.x86_64                   1.0.1e-16.el6_5.7                   @BlueOnyx
> Available Packages
> openssl.i686                     1.0.1e-16.el6_5.7                   sl-security
> 
> what's wrong ?

The CentOS mirrors were slow to distribute the fixed openssl. So on the
release day of the update, the UK mirrors (and some others) still didn't
have the new OpenSSL even hours after it had been released.

To speed up the distribution and to make it available immediately to
BlueOnyx users I added the fixed OpenSSL from SL-6.5 to the BlueOnyx YUM
repository for 5107R/5108R as well.

Do a "rpm -q --changelog openssl|more" to take a look at the changelog
of the RPM. You'll see that it contains the fix against CVE-2014-0160.

-- 
With best regards

Michael Stauber