[CentOS] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

Keith Keller

kkeller at wombat.san-francisco.ca.us
Tue Apr 8 06:56:45 UTC 2014


On 2014-04-08, Karanbir Singh <kbsingh at centos.org> wrote:
>
> Earlier in the day today, we were made aware of a serious
> issue in openssl as shipped in CentOS-6.5 ( including updates issued
> since CentOS-6.5 was released ); This issue is addressed in detail at
> http://heartbleed.com/

So it looks like new packages were issued by upstream pretty quickly.
So one question is, is there an easy way to know which services need to
be kicked?  I was surprised (not unpleasantly) to note that sshd is not
linked against libssl, but if you do a naive check against httpd, you
won't find it linked either--because it's mod_ssl that's linked against
it.

--keith

-- 
kkeller at wombat.san-francisco.ca.us
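
One way to answer the question in the message above, added here as an example and not part of the original post: scan each process's /proc/PID/maps for a libssl mapping that the kernel marks "(deleted)", which catches httpd through mod_ssl where ldd on the binary does not. The function names, PIDs, addresses and library file names in the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): find running processes that
# still map a libssl file that has been replaced on disk. It reads
# /proc/PID/maps, so a library loaded by a module (httpd -> mod_ssl -> libssl)
# is seen even though ldd on the httpd binary does not list it.

# stale_ssl_procs [PROC_ROOT] -> prints "PID NAME LIBRARY" per stale process.
# PROC_ROOT defaults to /proc; it is a parameter only so the function can be
# run against a constructed tree. Only libssl is matched, since that is the
# library the message asks about.
stale_ssl_procs() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        dir=${maps%/maps}
        # The kernel appends " (deleted)" when the mapped file was unlinked,
        # which is what a package update does to the old library.
        lib=$(awk '$0 ~ "/libssl[^/]*\\(deleted\\)$" { print $6; exit }' \
              "$maps" 2>/dev/null) || continue
        [ -n "$lib" ] || continue
        name=$(awk '/^Name:/ { print $2; exit }' "$dir/status" 2>/dev/null) || name=
        printf '%s %s %s\n' "${dir##*/}" "${name:-?}" "$lib"
    done
}

# make_sample_proc DIR: constructed sample data (hypothetical PIDs, addresses).
make_sample_proc() {
    mkdir -p "$1/1201" "$1/1350" "$1/1402"
    printf 'Name:\thttpd\n' > "$1/1201/status"   # started before the update
    printf '%s\n' \
      '7f10a0000000-7f10a0030000 r-xp 00000000 fd:00 2101 /usr/lib64/httpd/modules/mod_ssl.so' \
      '7f10a0400000-7f10a0462000 r-xp 00000000 fd:00 2222 /usr/lib64/libssl.so.1.0.1e (deleted)' \
      > "$1/1201/maps"
    printf 'Name:\tsshd\n' > "$1/1350/status"    # stale libcrypto only, no libssl
    printf '%s\n' \
      '7f20b0000000-7f20b01c0000 r-xp 00000000 fd:00 2300 /usr/lib64/libcrypto.so.1.0.1e (deleted)' \
      > "$1/1350/maps"
    printf 'Name:\thttpd\n' > "$1/1402/status"   # restarted after the update
    printf '%s\n' \
      '7f30c0400000-7f30c0462000 r-xp 00000000 fd:00 2950 /usr/lib64/libssl.so.1.0.1e' \
      > "$1/1402/maps"
}

# Demo on the constructed tree; on a live host run `stale_ssl_procs` as root.
demo=$(mktemp -d) && make_sample_proc "$demo" && stale_ssl_procs "$demo"
rm -rf "$demo"
```

Run without root, the function only sees the processes whose maps the calling user is allowed to read.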



