IMPORTANT SECURITY ANNOUNCEMENT
The POODLE vulnerability has recently been announced: http://en.wikipedia.org/wiki/POODLE
ELOG is prone to this vulnerability if it runs the SSL protocol directly and can be accessed from the internet. If ELOG runs behind an Apache proxy, and the Apache server has been correctly configured (with the SSLv23 protocols disabled), ELOG is safe as well.
To fix this vulnerability, ELOG needs to be recompiled after the attached patch has been applied. The patch prevents ELOG from falling back to the insecure SSLv2 & v3 protocols, so that it uses only the safe TLSv1 protocol.
If you do not know how to recompile ELOG, please do not make ELOG directly accessible from the internet until the next binary release has been published.
/Stefan Ritt
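For the Apache proxy case mentioned in the announcement, the following is an added example and is not part of the original post or of the attached ELOG patch. It shows a mod_ssl virtual host with the weak protocol setting beside the corrected one. The hostname, certificate paths and backend address and port are assumptions to be replaced with your own values.

```apache
# Added example: TLS terminates at Apache, ELOG is reached only through the proxy.
# elog.example.org, the certificate paths and 127.0.0.1:8080 are placeholders.
<VirtualHost *:443>
    ServerName elog.example.org

    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Weak: on mod_ssl builds that still support SSLv3, "all" includes it,
    # so a client can be pushed down to SSLv3 and POODLE applies.
    # SSLProtocol all

    # Corrected: offer every supported protocol except SSLv2 and SSLv3,
    # which leaves only the TLS versions.
    SSLProtocol all -SSLv2 -SSLv3

    # Forward requests to the ELOG daemon listening on the local machine only
    # (assumed backend address; ELOG itself speaks plain HTTP here).
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

After reloading Apache, `openssl s_client -connect elog.example.org:443 -ssl3` should fail the handshake, provided the local OpenSSL build still includes SSLv3 support.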