2015-03-24 - OpenSSL Vulnerabilities ==================================== OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause a segmentation fault within OpenSSL, thus enabling a potential DoS attack. This issue affects OpenSSL version: 1.0.2 Action ------ xCAT uses OpenSSL for client-server communication but **does not** ship it. Please upgrade OpenSSL to 1.0.2a or higher.