[sles-beta] OpenSSL Heartbleed
Matthias G. Eckermann
mge at suse.com
Thu Apr 10 06:23:29 MDT 2014
Hello Simona and all,
On 2014-04-10 T 13:20 +0100 Simon Flood wrote:
> I'm sure it's in hand but just to note that the
> version of OpenSSL included in SLES12 Beta 4 appears
> to be 1.0.1f without protection from CVE-2014-0160.
>
> I guess ditto for SLED12 too.
well, we don't assume that anybody uses SLE 12 Beta4 on
a machine which provides a service to the public
internet (beyond probably ssh, which is safe).
That said, a fix in SLE 12 Beta5 is sufficient in our
perspective, and will be provided.
Or am I mistaken with my assumption above?
so long -
MgE
--
Matthias G. Eckermann Senior Product Manager SUSE® Linux Enterprise
Phone: +49 30 44315731 Mobile: +49 179 2949448 E-Mail: mge at suse.com
SUSE LINUX Products GmbH Maxfeldstraße 5 90409 Nürnberg Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.suse.com/mailman/private/sles-beta/attachments/20140410/c63e9760/attachment.sig>
More information about the sles-beta
mailing list