[BlueOnyx:15164] Re: OpenSSL (CentOS-6.5/SL-6.5) CVE-2014-0160
Michael Stauber
mstauber at blueonyx.it
Thu Apr 10 12:06:01 -05 2014
Hi Randy,
> Was this older version just recompiled with the handshake removed
> (-DOPENSSL_NO_HEARTBEATS)? I expected the version update to be 1.0.1g.
See: https://rhn.redhat.com/errata/RHSA-2014-0376.html
The openssl-1.0.1e-16.el6_5.7 RPM was fixed by RedHat and then re-rolled
and distributed by CentOS and Scientific Linux based on the RedHat RPM.
As is policy with RedHat (and other RPM-based distributions), they keep
the major version number the same during the lifetime of an OS and just
bump the release number. In this case they backported the fixes from
1.0.1g to this 1.0.1e to address the problem with CVE-2014-0160.
--
With best regards
Michael Stauber
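
A check built on the release number rather than the upstream version, as the reply above describes. This is an added example, not part of the original post; the function names, the sample package strings other than openssl-1.0.1e-16.el6_5.7, and the sample changelog text are constructed for illustration.

```bash
#!/bin/bash
# Fixed build named in the post (RHSA-2014-0376).
FIXED_NVR="openssl-1.0.1e-16.el6_5.7"

# Constructed sample of what `rpm -q --changelog openssl` might print.
SAMPLE_CHANGELOG='* Mon Apr 07 2014 Example Packager <pkg@example.invalid> 1.0.1e-16.7
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension'

# Split "name-version-release": release is the last dash-separated field,
# version is the field before it.
nvr_release() { printf '%s\n' "${1##*-}"; }
nvr_version() { local rest="${1%-*}"; printf '%s\n' "${rest##*-}"; }

# Returns 0 if the build has the same upstream version as the fixed build and
# a release at or above the fixed release, 1 if the release is older, and 2 if
# the upstream version differs (this check cannot judge it).
# Assumption: GNU `sort -V` is used as an approximation of RPM's own
# version comparison, which is sufficient for el6_5.N release strings.
has_backport() {
    local nvr="$1" fixed_rel lowest
    [ "$(nvr_version "$nvr")" = "$(nvr_version "$FIXED_NVR")" ] || return 2
    fixed_rel=$(nvr_release "$FIXED_NVR")
    lowest=$(printf '%s\n%s\n' "$fixed_rel" "$(nvr_release "$nvr")" | sort -V | head -n1)
    [ "$lowest" = "$fixed_rel" ]
}

# Reads changelog text on stdin; succeeds if the CVE fix is recorded there.
changelog_mentions_cve() { grep -q 'CVE-2014-0160'; }

# Demo over constructed inputs. On a real host, feed in `rpm -q openssl`
# and `rpm -q --changelog openssl` instead.
for nvr in openssl-1.0.1e-16.el6_5.4 openssl-1.0.1e-16.el6_5.7; do
    if has_backport "$nvr"; then
        echo "$nvr: release includes the backported fix"
    else
        echo "$nvr: release predates the fix despite the same 1.0.1e version"
    fi
done
if printf '%s\n' "$SAMPLE_CHANGELOG" | changelog_mentions_cve; then
    echo "changelog records CVE-2014-0160"
fi
```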