** WHITE information - Unlimited distribution **
** see https://go.egi.eu/tlp for distribution restrictions **
Title: OpenSSL updates released on 19th March 2015 and VOMS
Date: 2015-03-17
Updated: 2015-03-23, 2015-03-31
OpenSSL has released some updates at:
https://www.openssl.org/
with the advisory at:--
https://www.openssl.org/news/secadv_20150319.txt
The EGI SVG and CSIRT have looked at the advisory and think for the EGI
infrastructure all of these issues are either not applicable or 'Low' risk.
We previously stated that the latest version of OpenSSL for Debian breaks VOMS.
The patch in Debian that prevented VOMS working has since been dropped, and
VOMS works with the latest version of OpenSSL in Debian.
Various tests have been carried out, and no problems have been found with the
middleware and the recent versions of OpenSSL. Therefore we see no reason not
to update.
On behalf of the EGI SVG, CSIRT and the UMD release team,