On 04/08/2014 01:12 PM, Alain Péan wrote:
> Le 08/04/2014 19:05, Tony Mountifield a écrit :
>> And I notice that the new libraries after applying the update are
>> STILL called 1.0.1e - is that correct? Could be confusing.
> Because at this time, it's only a workaround that disable certain
> services, not a fix to the libraries, as I read in the annoucement ?
>
> Alain
>
According to the changelog this update 5.7 fixed the cve.
$ rpm -qa|grep openssl
openssl-1.0.1e-16.el6_5.7.x86_64
openssl-devel-1.0.1e-16.el6_5.7.x86_64
Tue Apr 8 12:17:25 EDT 2014
Z643357:~
$ rpm -q --changelog openssl | less
* Mon Apr 07 2014 Tomás( Mráz <tmraz@xxxxxxxxxx> 1.0.1e-16.7
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark@xxxxxxxxxxxxx
http://www.netwolves.com
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
