Fuel for OpenStack

openssl version for the heartbleed issue

Asked by Drazic Lin

For fuel 4.1, I think it'll be affected by the heartbleed issue.

How to update 'openssl' from the old version '1.0.0-27.e16' to '1.0.1e-16.el6_5.7' since we only have the old package in fuel repository?

http://puppetlabs.com/blog/patching-heartbleed-openssl-vulnerability-puppet-enterprise

Question information

Language:
English Edit question
Status:
Solved
For:
Fuel for OpenStack Edit question
Assignee:
No assignee Edit question
Solved by:
David J. Easter
Solved:
Last query:
Last reply:
Revision history for this message
Best David J. Easter (deaster) said : 		#21

Mirantis has created a technical bulletin for this issue. It can be found here:

http://cdn2.hubspot.net/hub/197500/file-663391420-pdf/pdf/Mirantis_OpenStack_Technical_Bulletin_11Apr2014.pdf

Revision history for this message
Drazic Lin (drazic-lin) said : 		#56

Thanks David J. Easter, that solved my question.

Revision history for this message
Miroslav Anashkin (manashkin) said : 		#133

Greetings Drazic Lin,

What versions of the OpenSSL are affected?

Status of different versions:

    OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
    OpenSSL 1.0.1g is NOT vulnerable
    OpenSSL 1.0.0 branch is NOT vulnerable
    OpenSSL 0.9.8 branch is NOT vulnerable

Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

So, OpenSSL version, used in Mirantis OpenStack 4.1(1.0.0-27.e16) is not affected by Heartbleed issue.
Heartbleed issue was introduced in OpenSSL 1.0.1, while in 4.1 we use older 1.0.0.

Kind regards,
Miroslav

Revision history for this message
Bogdan Dobrelya (bogdando) said : 		#134

LinkedIn
------------

I'd like to add you to my professional network on LinkedIn.

- Bogdan

Bogdan Dobrelya
Senior deployment engineer at Mirantis
Ukraine

Confirm that you know Bogdan Dobrelya:
https://www.linkedin.com/e/jim7tk-hw8ydx05-48/isd/5882047079387246595/YZ_GfnJ0/?hs=false&tok=2q4OP0ZPtzFmg1

--
You are receiving Invitation to Connect emails. Click to unsubscribe:
http://www.linkedin.com/e/jim7tk-hw8ydx05-48/Xe70K8282ocF3ecGgNCZVL2qqmlBRHx65StSHLas_A_H34cAsKXtIM/goo/question248024%40answers%2Elaunchpad%2Enet/20061/I7235352964_1/?hs=false&tok=1xgNELFd1zFmg1

(c) 2012 LinkedIn Corporation. 2029 Stierlin Ct, Mountain View, CA 94043, USA.