[blfs-support] Heartbleed

2014-04-08 Thread Rob Taylor
Heartbleed vulnerability

http://www.openssl.org/news/vulnerabilities.html

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable

Suggest immediate revision to BLFS 7.5 OpenSSL-1.0.1f

Thanks,
Robert Taylor
-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-support] Heartbleed

2014-04-08 Thread lux-integ
On Tuesday 08 April 2014 18:02:38 Rob Taylor wrote:
> Heartbleed vulnerability
>
> http://www.openssl.org/news/vulnerabilities.html
>
> OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
> OpenSSL 1.0.1g is NOT vulnerable
> OpenSSL 1.0.0 branch is NOT vulnerable
> OpenSSL 0.9.8 branch is NOT vulnerable
>
> Suggest immediate revision to BLFS 7.5 OpenSSL-1.0.1f
>
> Thanks,
> Robert Taylor

openssl is a package one generally installs early in the distribution-build
process. To upgrade to say openssl-1.0.1g
--(a) does one need to yank out the old say openssl-1.0.1 and install the new
1.0.1g and if so would there not be breakages? OR
--(b) can one install openssl-1.0.1g over the old version of say
openssl-1.0.1 ?

advice from anyone on list will be much appreciated

sincerely
luxInteg


Re: [blfs-support] Heartbleed

2014-04-08 Thread Alexey Orishko
On Wed, Apr 9, 2014 at 4:41 AM, lux-integ lux-in...@btconnect.com wrote:
> openssl is a package one generally installs early in the distribution-build
> process. To upgrade to say openssl-1.0.1g
> --(a) does one need to yank out the old say openssl-1.0.1 and install the new
> 1.0.1g and if so would there not be breakages? OR
> --(b) can one install openssl-1.0.1g over the old version of say
> openssl-1.0.1 ?
>
> advice from anyone on list will be much appreciated


If any application was compiled with static openssl library, you have
to recompile app in addition to installing a new shared lib/static.

/alexey


Re: [blfs-support] Heartbleed

2014-04-08 Thread Bruce Dubbs
Alexey Orishko wrote:
> On Wed, Apr 9, 2014 at 4:41 AM, lux-integ lux-in...@btconnect.com wrote:
>> openssl is a package one generally installs early in the distribution-build
>> process. To upgrade to say openssl-1.0.1g
>> --(a) does one need to yank out the old say openssl-1.0.1 and install the new
>> 1.0.1g and if so would there not be breakages? OR
>> --(b) can one install openssl-1.0.1g over the old version of say
>> openssl-1.0.1 ?
>>
>> advice from anyone on list will be much appreciated
>
> If any application was compiled with static openssl library, you have
> to recompile app in addition to installing a new shared lib/static.

I don't know of any packages in BLFS that use the static libraries by
default or our instructions.  Some users may, however, have done that for
themselves.

   -- Bruce



Re: [blfs-support] Heartbleed

2014-04-08 Thread Ken Moffat
On Wed, Apr 09, 2014 at 03:41:16AM +0100, lux-integ wrote:
 
> openssl is a package one generally installs early in the distribution-build
> process. To upgrade to say openssl-1.0.1g
> --(a) does one need to yank out the old say openssl-1.0.1 and install the new
> 1.0.1g and if so would there not be breakages? OR
> --(b) can one install openssl-1.0.1g over the old version of say
> openssl-1.0.1 ?
>
> advice from anyone on list will be much appreciated
 

 With the instructions used in recent versions of BLFS (in
particular, shared libraries), just drop it over the top.  If you
are _serving_ anything which links to openssl then you will need to
bounce those services (i.e. stop them and restart them).  For a
desktop, I guess that closing the browser(s) and reopening those
should be sufficient.

ĸen
-- 
das eine Mal als Tragödie, dieses Mal als Farce

Re: [blfs-support] Heartbleed

2014-04-08 Thread Ken Moffat
On Tue, Apr 08, 2014 at 08:55:01PM +0100, Ken Moffat wrote:
> On Wed, Apr 09, 2014 at 03:41:16AM +0100, lux-integ wrote:
> >
> > openssl is a package one generally installs early in the distribution-build
> > process. To upgrade to say openssl-1.0.1g
> > --(a) does one need to yank out the old say openssl-1.0.1 and install the new
> > 1.0.1g and if so would there not be breakages? OR
> > --(b) can one install openssl-1.0.1g over the old version of say
> > openssl-1.0.1 ?
> >
> > advice from anyone on list will be much appreciated
> >
>
>  With the instructions used in recent versions of BLFS (in
> particular, shared libraries), just drop it over the top.  If you
> are _serving_ anything which links to openssl then you will need to
> bounce those services (i.e. stop them and restart them).  For a
> desktop, I guess that closing the browser(s) and reopening those
> should be sufficient.
>
> ĸen

 Whoops, that is badly WRONG.  At lwn.net [ thread
https://lwn.net/Articles/593683/ - might be subscriber only ]
someone suggests running this after the upgrade :

grep -l 'libssl.*deleted' /proc/*/maps | tr -cd 0-9\\n | xargs -r ps u
(as root)

 On my current desktop machine that shows the following :
root      2206  0.0  0.0  37016  1260 ?        Ss   Apr06   0:00 /usr/sbin/cupsd -C /etc/cups/cupsd.
root      2416  0.0  0.0  27736   512 ?        Ss   Apr06   0:00 /usr/lib/postfix/master -w
postfix   2418  0.0  0.0  27968   668 ?        S    Apr06   0:00 qmgr -l -t unix -u
ken       2828  0.0  5.8 1384924 232188 ?      Sl   Apr06   1:37 /usr/lib/libreoffice/program/soffic

 So in my desktop case I need to bounce cups and postfix, and also
to close my current LO documents.

ĸen
-- 
das eine Mal als Tragödie, dieses Mal als Farce
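
Added example (not part of the original thread; the function names and the optional root argument are assumptions): the check quoted in the message above, written as a shell function that also covers libcrypto, skips NSS's libssl3.so, and reports each process and library once.

```shell
#!/bin/sh
# Added example: find processes still running a pre-upgrade OpenSSL.
# The optional root argument is a hypothetical hook so the scan can be
# pointed at a constructed directory tree instead of the live /proc.

# Print "PID<TAB>command<TAB>library" for each process whose maps file
# still references an unlinked libssl.so* or libcrypto.so*.
stale_openssl_maps() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue        # unmatched glob or unreadable entry
        dir=${maps%/maps}
        pid=${dir##*/}
        comm=$(cat "$dir/comm" 2>/dev/null) || comm='?'
        # Field 6 is the mapped path; the kernel appends " (deleted)" once
        # the file is unlinked, which is what the upgrade does to the old
        # library. Matching "lib(ssl|crypto).so" skips NSS's libssl3.so,
        # which the looser 'libssl.*deleted' pattern would also report.
        # A library is mapped in several segments, so report it once.
        awk -v pid="$pid" -v comm="$comm" '
            /lib(ssl|crypto)\.so[^ ]* \(deleted\)$/ && !seen[$6]++ {
                printf "%s\t%s\t%s\n", pid, comm, $6
            }' "$maps" 2>/dev/null || true
    done
}

# Distinct command names to stop and start again, one per line.
services_to_restart() {
    stale_openssl_maps "$1" | cut -f2 | sort -u
}

# "--scan" checks the running system; run as root to see every process.
if [ "${1:-}" = "--scan" ]; then
    stale_openssl_maps /proc
fi
```

Statically linked programs never show up in this scan, because they map no libssl.so at all; those have to be found and rebuilt separately.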

Re: [blfs-support] Heartbleed

2014-04-08 Thread Douglas R. Reno
Would it be best to just restart your system after an upgrade? In the
version of the book I have, it said something about an Xorg Server
dependency being OpenSSL (that's why I install it right before Xorg).

Douglas Reno