Re: [Nolug] SSL bug

From: Brad Bendily <brad_at_selu.edu>
Date: Tue, 8 Apr 2014 12:03:03 -0500
Message-ID: <CACpJzDQnSGE0J-iS+e2Urc=KJ84-GBHMi2H4LxpvSXdbvUopCA@mail.gmail.com>

I got an openssl-1.0.1e-16.el6_5.7 a little while ago.
It was in my CentOS 6.5 yum check-update list.
It matches the Red Hat release number.
bb

On Tue, Apr 8, 2014 at 11:55 AM, Andrew Rowland
<andrewrowland.g@gmail.com> wrote:
> I'm not seeing any update packages from CentOS 6.5 via yum update. Any
> ideas?
>
>
> On Tue, Apr 8, 2014 at 11:42 AM, Joey Kelly <joey@joeykelly.net> wrote:
>>
>> On 04/08/2014 11:01 AM, John Souvestre wrote:
>> > Hi Joey.
>> >
>> > Right!
>> >
>> > Also ...
>> >
>> > Version check:
>> > Shell: openssl version -a
>> > But: Many distributions repackage it and use their own version number.
>> > Test site: http://filippo.io/Heartbleed/
>> >
>> > John
>> >
>> > John Souvestre - New Orleans LA
>>
>>
>> Here, go laugh at this: http://filippo.io/Heartbleed/#openssl.org:443
>>
>> --Joey
>>
>> >
>> >
>> > -----Original Message-----
>> > From: owner-nolug@stoney.kellynet.org [mailto:owner-nolug@stoney.kellynet.org]
>> > On Behalf Of Joey Kelly
>> > Sent: Tue, April 08, 2014 10:53 am
>> > To: undisclosed-recipients:
>> > Subject: [Nolug] SSL bug
>> >
>> > http://heartbleed.com
>> >
>> > Guys,
>> >
>> > The guy that wrote the above needs to work on his English a little, but what's
>> > described is bad. Very bad. If either end of an ssh or SSL connection (this
>> > includes VPNs, IPsec, Puppet, secure websites, and other stuff) runs
>> > vulnerable code (the site lists the versions in question), your stuff can be
>> > owned. Log into your bank? An attacker can follow right after you and steal
>> > all your money --- that bad.
>> >
>> > If you run Debian 7 or CentOS 6, you are vulnerable. Versions prior are safe
>> > (I have no idea which versions of Ubuntu are based on which versions of
>> > Debian, so if you run that, find out ASAP).
>> >
>> > Change all your SSL certs. Regenerate your ssh keys. Once that's done, change
>> > any password (ssh, web login, you name it) that was used on a vulnerable
>> > server. There is no telling if the bad guys knew about this before the bugs
>> > were found, and no way of knowing if your stuff was accessed or not.
>> >
>> > This is a Big Deal.
>> >
>> > --
>> > Joey Kelly
>> > Minister of the Gospel and Linux Consultant http://joeykelly.net
>> > 504-239-6550
>> > ___________________
>> > Nolug mailing list
>> > nolug@nolug.org
>> >
>> ___________________
>> Nolug mailing list
>> nolug@nolug.org
>
>
>
>
> --
> Andrew Rowland
> Web Designer | Managing Partner
> P.S. Designs
> (618) 518-9009
> http://puresimplicitydesigns.com
> "Simplicity is the ultimate sophistication." - Leonardo da Vinci
>
___________________
Nolug mailing list
nolug@nolug.org
Received on 04/08/14
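
Added example, not part of the thread: a POSIX shell sketch of the version check discussed above, showing why the upstream string from `openssl version` is not enough on a distribution that backports fixes. The function names are hypothetical, the sample banner and the `el6_5.4` package string are constructed, the fixed build is the one Brad reports, and `sort -V` (GNU coreutils) is assumed.

```shell
# Added example (not from the thread): package release, not upstream letter,
# decides whether a backporting distro is patched.

# Fixed CentOS 6.5 build reported in the thread (version-release part).
FIXED_EL6='1.0.1e-16.el6_5.7'

# Upstream releases 1.0.1 through 1.0.1f carry Heartbleed; 1.0.1g and the
# 1.0.0 / 0.9.8 branches do not.
upstream_affected() {
  case "$1" in
    1.0.1|1.0.1[a-f]) return 0 ;;
    *) return 1 ;;
  esac
}

# First line of `openssl version -a` -> bare upstream version.
# "OpenSSL 1.0.1e-fips 11 Feb 2013" -> "1.0.1e"
upstream_from_banner() {
  set -- $1
  echo "${2%%-*}"
}

# True when $1 sorts strictly before $2 in version order (needs sort -V).
ver_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Classify a name-version-release string such as the output of
# `rpm -q openssl`. Only the el6 build named in the thread is known here.
classify_pkg() {
  vr=${1#openssl-}
  vr=${vr%.x86_64}; vr=${vr%.i686}
  if ! upstream_affected "${vr%%-*}"; then echo not-affected; return 0; fi
  case "$vr" in
    *.el6*)
      if ver_lt "$vr" "$FIXED_EL6"; then echo vulnerable
      else echo patched-backport; fi ;;
    *) echo check-vendor-advisory ;;
  esac
}

# Constructed sample input: the version line stays at 1.0.1e on both builds.
banner='OpenSSL 1.0.1e-fips 11 Feb 2013'
for pkg in openssl-1.0.1e-16.el6_5.4 openssl-1.0.1e-16.el6_5.7; do
  echo "$pkg banner=$(upstream_from_banner "$banner") -> $(classify_pkg "$pkg")"
done
```

Services that were already running keep the old library mapped until they are restarted, so a patched package on disk does not by itself mean the running daemons are patched.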
