Serious OpenSSL vulnerability
Dan Thurman
dant at cdkkt.com
Thu Apr 10 19:51:44 UTC 2014
On 04/10/2014 12:10 PM, Chris Adams wrote:
> Once upon a time, Dan Thurman <dant at cdkkt.com> said:
>> 2) I downloaded F18 SRPM file, changed the SPEC file by adding
>> -DOPENSSL_NO_HEARTBEATS to RPM_OPT_FLAGS variable,
>> then rebuild which compiled with no errors, then removed the
>> old openssl files (rpm --nodeps -e openssl*), installed the new files
>> (rpm -ivh *.rpm in RPM directory)
> Don't do it that way! --nodeps is something you should never use. You
> could have "rpm -Uvh", or even "yum localinstall".
>
>> then proceeded to the heartbeat
>> site and it failed (red)
> Did you restart services (or reboot)? Under Unix, once a file is
> opened, the reference remains even if it is removed/replaced. If you
> don't restart Apache, it will still be using the old OpenSSL libraries.
Ok about --nodeps.
So what I did was:
1) yum clean all
2) yum update (nothing to update)
3) yum reinstall openssl* (reinstalled and to mitigate any issues
caused by --nodeps, no issues)
4) yum localinstall openssl*.rpm (nothing to install) (same as rpm -Uvh)
So I was unable to rpm -Uvh *.rpm/yum localinstall *.rpm because
yum/rpm detected no difference. Perhaps I need to change the SPEC
file to a different version, say from 1:1.0.1e-37.fc18 to 1:1.0.1e-38.fc18?
If so, where do I change the version from 37 ->38?
More information about the users
mailing list