Bugzilla – Bug 5854
Upgrade OpenSSL to the latest version
Last modified: 2016-09-23 10:08:18
You need to
before you can comment on or make changes to this bug.
We're on 1.0.2e and 1.0.2g is out. There has been a couple of CVEs:
Servers, so doesn't affect us.
DSA keys, which we no longer use.
Exotic use of OpenSSL. May be affected.
Could affect our ssh client, but not likely to be exploitable.
1.0.2h is also out, with a few more CVEs:
Not sure if it covers us. Doesn't sound like it. It was however already fixed
back in 1.0.2c.
Sounds like it affects both OpenSSH and rdesktop. It is however a MITM, which
rdesktop doesn't have protection for. Could be severe problems for OpenSSH
Not clear when this can hit. May be affected. Low severity.
Only EBCDIC systems.
Fixed in r31494.
Verified that it is included in the build (5162)
Verified that rdesktop still works.
Verified client connects on CentOS 7, and MacOSX.