DevHeads.net

HeartBleed in RHEL

I know I'm slightly OT here, asking about RHEL, but since Centos is now a
part of RH, I'm hoping I won't be summarily ejected.

I've seen several articles that listed Centos 6.x as vulnerable, but
DID NOT LIST RHEL 6.

I'd think that if Centos 6.x is vulnerable, then so would RHEL 6.x,
since Centos is made from RHEL sources.

Does anyone know for sure either way?

thanks!

Comments

Re: HeartBleed in RHEL

By David Beveridge at 04/13/2014 - 21:12

see <a href="https://access.redhat.com/security/cve/CVE-2014-0160" title="https://access.redhat.com/security/cve/CVE-2014-0160">https://access.redhat.com/security/cve/CVE-2014-0160</a>
This issue did not affect the versions of openssl as shipped with Red
Hat Enterprise Linux 5, Red Hat Enterprise Linux 6.4 and earlier, Red
Hat JBoss Enterprise Application Platform 5 and 6, and Red Hat JBoss
Web Server 1 and 2. This issue does affect Red Hat Enterprise Linux
6.5, Red Hat Enterprise Virtualization Hypervisor 6.5, and Red Hat
Storage 2.1, which provided openssl 1.0.1e. Errata have been released
to correct this issue.

On Mon, Apr 14, 2014 at 10:59 AM, Fred Smith
< ... at fcshome dot stoneham.ma.us> wrote:

Re: HeartBleed in RHEL

By fred smith at 04/14/2014 - 08:51

On Mon, Apr 14, 2014 at 11:12:54AM +1000, David Beveridge wrote:
Thank you, Dave! That's exactly what I needed.

Fred

Re: HeartBleed in RHEL

By Digimer at 04/13/2014 - 21:09

On 13/04/14 08:59 PM, Fred Smith wrote:
Yes, RHEL 6 was effected.