Serious OpenSSL vulnerability
Chris Adams
linux at cmadams.net
Thu Apr 10 19:10:59 UTC 2014
Once upon a time, Dan Thurman <dant at cdkkt.com> said:
> 2) I downloaded F18 SRPM file, changed the SPEC file by adding
> -DOPENSSL_NO_HEARTBEATS to RPM_OPT_FLAGS variable,
> then rebuilt, which compiled with no errors, then removed the
> old openssl files (rpm --nodeps -e openssl*), installed the new files
> (rpm -ivh *.rpm in RPM directory)
Don't do it that way! --nodeps is something you should never use. You
could have used "rpm -Uvh", or even "yum localinstall".
> then proceeded to the heartbeat
> site and it failed (red)
Did you restart services (or reboot)? Under Unix, once a file is
opened, the reference remains even if it is removed/replaced. If you
don't restart Apache, it will still be using the old OpenSSL libraries.
--
Chris Adams <linux at cmadams.net>
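
The restart advice in the message above can be checked on a Linux host: a process that still maps the replaced library lists it in /proc/<pid>/maps with a "(deleted)" suffix. The script below is an added example, not part of the original message; the function name stale_openssl_procs and its optional proc_root argument are assumptions made for illustration.

```shell
#!/bin/sh
# List processes that still map a deleted (replaced) libssl or libcrypto.
# Hypothetical helper, not from the original thread.
# Usage: stale_openssl_procs [proc_root]   (proc_root defaults to /proc)
# Output: one "PID NAME" line per process that needs a restart.
stale_openssl_procs() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip unreadable entries and the unexpanded glob when nothing matches.
        [ -r "$maps" ] || continue
        # After the package is replaced, the old inode stays mapped and the
        # kernel marks the path, e.g. (constructed sample line):
        #   7f00-7f01 r-xp 00000000 fd:00 123 /usr/lib64/libssl.so.1.0.1e (deleted)
        if grep -Eq '/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            pid="${pid_dir##*/}"
            # comm holds the short process name; fall back to "?" if absent.
            name="$(cat "$pid_dir/comm" 2>/dev/null || echo '?')"
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}
```

Run it as root so that the maps files of other users' processes are readable; an empty result after restarting services means no process is still using the old library.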