Re: [qmailtoaster] Re: heartbleed bug

Thu, 10 Apr 2014 07:19:08 -0700 

Appologies, this is Centos 5.10 installation.

qtp-whatami
qtp-whatami v0.3.8 Thu Apr 10 08:18:25 MDT 2014
REAL_DIST=CentOS
DISTRO=CentOS
OSVER=5.10
QTARCH=i686
QTKERN=2.6.18-371.3.1.el5
BUILD_DIST=cnt50
BUILD_DIR=/usr/src/redhat


Dave M
-----Original Message----- From: Dave M 
Sent: Thursday, April 10, 2014 8:15 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: heartbleed bug

Hi Eric

What is the correct path as the makecert fails
/var/qmail/bin/makecert.sh: No such file or director

Dave M
-----Original Message----- From: Eric Shubert 
Sent: Wednesday, April 09, 2014 1:01 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: heartbleed bug

I'd like to add a few details here.

If you use the stock self-signed cert, you should still probably
regenerate this by doing:
# service qmail stop
# mv /var/qmail/control/servercert.pem \
     /var/qmail/control/servercert.pem.compromised
# /var/qmail/bin/makecert.sh
# service qmail start

If you use your own cert/key, then you should know what you need to do
for that, which is beyond the scope of this email.

The dh keys used in the TLS key negotiation process should be generated
automatically every day by cron, which runs the /var/qmail/bin/dh_key
script. You might want to verify the dates of these files:
# ls -l /var/qmail/control/dh*
If these weren't modified today, check your crontab.

Thanks for clarifying this, Steve.

--
-Eric 'shubes'

On 04/08/2014 06:52 PM, Steve Huff wrote:
hey folks - please be aware that simply patching OpenSSL is NOT sufficient to mitigate the risk. if you have been using a RHEL/CentOS 6 system to host services secured by SSL, then you should consider your keys compromised, revoke your keys, and deploy new keys and new certs. 

read http://heartbleed.com to learn more.

-steve

On Apr 8, 2014, at 7:57 PM, Cecil Yother, Jr. <c...@yother.com> wrote:


FYI,  This fix has only come out in the past few days.
On 04/08/2014 04:54 PM, Eric Shubert wrote:

On 04/08/2014 01:04 PM, Peter Peterse wrote:

Finn Buhelt schreef op 8-4-2014 21:53:

Hi list
Will this affects QMT ? ( latest release uses openssl-1.01 which is hit) 

"New security holes are always showing up. The latest one, the
so-called <http://heartbleed.com/>Heartbleed Bug <http://heartbleed.com/> 
  in the OpenSSL <https://www.openssl.org/> cryptographic library, is
an especially bad one"  - taken from zdnet.com


Regards,
Finn


Hi Finn,

I've read CentOS 6 is affected and CentOS 5 not.

CentOS 5.10 contains OpenSSL 0.9.8e

Regards,
Peter


RHEL/CentOS has fixed this in openssl-1.0.1e-16.el6_5.7
The fixed package was in all of the mirrors I happened to catch.

To check if your package has the fix applied, you can:
$ rpm -q openssl --changelog | grep CVE-2014-0160
If you get nothing back (and you're on COS6) you should (yum) update your openssl package. 



--
<cj's_sig.png>






---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Reply via email to