OpenSSL CVE and Habitat

Happy Monday all you in-Habitants!

Some of you have surely followed along with Fletcher Nichol’s post last week regarding the OpenSSL release v1.0.2i. For those of you who missed that thread, it can be found here http://bit.ly/2de2idI .

Fletcher rebuilt a gaggle of hab packages to provide support for a most welcome OpenSSL release. As can be the case with software releases whoops it turns out there was another insidious issue with OpenSSL 1.0.2i . If you’re interested in the details of this cve you can find them here: https://www.openssl.org/news/secadv/20160926.txt

Why are we telling you this? Well, in order to ensure that all of you are safe, secure, and able to appropriately consume the core/openssl package (and those packages that depend upon it) we are going to be running through the rebuild process again today! Be assured that we will inform you as we move through the process.

And of course, thank you for using Habitat!