[CentOS] CVE-2014-0160 CentOS 6 openssl heartbleed workaround
Tony Mountifield
tony at softins.co.uk
Tue Apr 8 17:05:19 UTC 2014
In article <A46CCA43-0BA5-43BB-9659-176311BF8471 at googlemail.com>,
Leon Fauster <leonfauster at googlemail.com> wrote:
> Am 08.04.2014 um 15:02 schrieb James Hogarth <james.hogarth at gmail.com>:
> > On 8 April 2014 12:08, Steven Tardy <sjt5atra at gmail.com> wrote:
> >
> >> On Tue, Apr 8, 2014 at 2:56 AM, Keith Keller <
> >> kkeller at wombat.san-francisco.ca.us> wrote:
> >>
> >>> On 2014-04-08, Karanbir Singh <kbsingh at centos.org> wrote:
> >>>
> >>> is there an easy way to know which services need to be kicked?
> >>>
> >>
> >>
> >> rpm -q --whatrequires openssl
> >
> >
> > A slightly cleaner way:
> >
> > lsof -n | grep ssl | grep DEL
>
> lsof -n | grep -E 'libcry|libssl' | grep DEL
Actually, on CentOS it appears that DEL doesn't show you. The actual
string to grep on is 'deleted':
[root at vps1 ~]# lsof -n | grep -E 'libcry|libssl' | grep deleted
vsftpd 804 root mem REG 0,70 73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
vsftpd 804 root mem REG 0,70 73794353 (deleted)/usr/lib64/libssl.so.1.0.1e (stat: No such file or directory)
mysqld 996 mysql mem REG 0,70 73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
mysqld 996 mysql mem REG 0,70 73794353 (deleted)/usr/lib64/libssl.so.1.0.1e (stat: No such file or directory)
saslauthd 1042 root mem REG 0,70 73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
saslauthd 1043 root mem REG 0,70 73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
sendmail 1058 root mem REG 0,70 73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
sendmail 1058 root mem REG 0,70 73794353 (deleted)/usr/lib64/libssl.so.1.0.1e (stat: No such file or directory)
sendmail 1066 smmsp mem REG 0,70 73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
sendmail 1066 smmsp mem REG 0,70 73794353 (deleted)/usr/lib64/libssl.so.1.0.1e (stat: No such file or directory)
fail2ban- 1090 root mem REG 0,70 73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
fail2ban- 1090 root mem REG 0,70 73794353 (deleted)/usr/lib64/libssl.so.1.0.1e (stat: No such file or directory)
assp.pl 1198 assp mem REG 0,70 73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
assp.pl 1198 assp mem REG 0,70 73794353 (deleted)/usr/lib64/libssl.so.1.0.1e (stat: No such file or directory)
miniserv. 1223 root mem REG 0,70 73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
miniserv. 1223 root mem REG 0,70 73794353 (deleted)/usr/lib64/libssl.so.1.0.1e (stat: No such file or directory)
miniserv. 1229 root mem REG 0,70 73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
miniserv. 1229 root mem REG 0,70 73794353 (deleted)/usr/lib64/libssl.so.1.0.1e (stat: No such file or directory)
named 12887 named mem REG 0,70 73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
And I notice that the new libraries after applying the update are
STILL called 1.0.1e - is that correct? Could be confusing.
[root at vps1 ~]# lsof -n | grep -E 'libcry|libssl' | grep -v deleted
....
httpd 7495 root mem REG 0,70 1950976 73794323 /usr/lib64/libcrypto.so.1.0.1e
httpd 7495 root mem REG 0,70 441112 73794344 /usr/lib64/libssl.so.1.0.1e
httpd 7495 root mem REG 0,70 250168 151994454 /usr/lib64/libssl3.so
httpd 7495 root mem REG 0,70 40400 73728467 /lib64/libcrypt-2.12.so
... now to go and reboot the server.
Cheers
Tony
--
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org
More information about the CentOS
mailing list