OpenSSL today released a security update for various issues – including two high-severity ones.
We reviewed those issues and found that only one of the high-severity ones are applicable to our environment (RSA silently downgrades to EXPORT_RSA [Client] – CVE-2015-0204). Other issues are of lower severity and not all of them apply to the version currently used.
We are currently waiting for Gentoo to provide the GLSA and package updates which we expect to happen at latest by tomorrow. After that we will run our own quality assurance and provide those updated packages to you quickly.
If you have any questions (about the OpenSSL update or otherwise) please contact us: we’re here to help you!
Update: the OpenSSL fix is there and gets currently rolled out on our infrastructure.
LikeLike