cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik Weber <terbol...@gmail.com>
Subject Re: OpenSSL vunerability (bleedheart)
Date Wed, 09 Apr 2014 17:31:08 GMT
Shouldn't the parts using realhostip.com be using ssl? Atleast pre 4.3?

Erik
9. apr. 2014 18:47 skrev "Marcus" <shadowsor@gmail.com> følgende:

> Maybe the console? I haven't used that in forever, does it do SSL?
>
> On Wed, Apr 9, 2014 at 10:31 AM, Nux! <nux@li.nux.ro> wrote:
> > On 09.04.2014 17:21, Marcus wrote:
> >>
> >> Should just pull in the latest and work, if we're talking about
> >> building a fresh system vm.
> >>
> >> Do we even have any services running in the system vm that require an
> >> update?  We don't do SSL termination with haproxy for load balancers
> >> (yet), and I don't think that the apache web stuff for
> >> userdata/passwords is ssl, is it? From what I've seen, SSH doesn't
> >> even use the OpenSSL libs... I'm trying to think of a service that
> >> would be affected. We definitely want to push the latest, but I'm just
> >> wondering what actual urgency there should be for users to update
> >> their system vms.
> >
> >
> > Yes, that is actually a good point. I thought by the panic of the devs
> that
> > there is obviously stuff running there that is exposed to the interwebs.
> > It'd be nice if there wasn't any. :)
> >
> >
> > Lucian
> >
> > --
> > Sent from the Delta quadrant using Borg technology!
> >
> > Nux!
> > www.nux.ro
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message