EGI SVG Advisories

** WHITE information - Unlimited distribution              **
** see https://go.egi.eu/tlp for distribution restrictions **


Title:       EGI SVG 'Low' Risk - SSL TLS 'Logjam' vulnerability CVE-2015-4000

Date:        2015-05-29
Updated


There has been some publicity concerning the TLS 'Logjam' vulnerability
CVE-2015-4000.

This is described in [R 1] and [R 2]; hence we are sending this alert.

The EGI Software Vulnerability group and CSIRT have looked at this issue, and
consider it to be 'Low' risk in the EGI environment.

Some items of Grid middleware may be affected by changes to OpenSSL [R 3] and
this is being investigated.

Information is also available in the US National Vulnerability Database [R 4].


[R 1] https://weakdh.org/

[R 2] https://access.redhat.com/articles/1456263

[R 3] http://openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/

[R 4] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4000