[CentOS] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

Tue Apr 8 17:05:19 UTC 2014
Tony Mountifield <tony at softins.co.uk>

In article <A46CCA43-0BA5-43BB-9659-176311BF8471 at googlemail.com>,
Leon Fauster <leonfauster at googlemail.com> wrote:
> On 08.04.2014 at 15:02, James Hogarth <james.hogarth at gmail.com> wrote:
> > On 8 April 2014 12:08, Steven Tardy <sjt5atra at gmail.com> wrote:
> > 
> >> On Tue, Apr 8, 2014 at 2:56 AM, Keith Keller <
> >> kkeller at wombat.san-francisco.ca.us> wrote:
> >> 
> >>> On 2014-04-08, Karanbir Singh <kbsingh at centos.org> wrote:
> >>> 
> >>> is there an easy way to know which services need to be kicked?
> >>> 
> >> 
> >> 
> >> rpm -q --whatrequires openssl
> > 
> > 
> > A slightly cleaner way:
> > 
> > lsof -n | grep ssl | grep DEL
> 
> lsof -n | grep -E 'libcry|libssl' | grep DEL

Actually, on CentOS it appears that DEL doesn't show you. The actual
string to grep on is 'deleted':

[root at vps1 ~]# lsof -n | grep -E 'libcry|libssl' | grep deleted
vsftpd      804        root  mem       REG               0,70              73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
vsftpd      804        root  mem       REG               0,70              73794353 (deleted)/usr/lib64/libssl.so.1.0.1e (stat: No such file or directory)
mysqld      996       mysql  mem       REG               0,70              73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
mysqld      996       mysql  mem       REG               0,70              73794353 (deleted)/usr/lib64/libssl.so.1.0.1e (stat: No such file or directory)
saslauthd  1042        root  mem       REG               0,70              73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
saslauthd  1043        root  mem       REG               0,70              73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
sendmail   1058        root  mem       REG               0,70              73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
sendmail   1058        root  mem       REG               0,70              73794353 (deleted)/usr/lib64/libssl.so.1.0.1e (stat: No such file or directory)
sendmail   1066       smmsp  mem       REG               0,70              73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
sendmail   1066       smmsp  mem       REG               0,70              73794353 (deleted)/usr/lib64/libssl.so.1.0.1e (stat: No such file or directory)
fail2ban-  1090        root  mem       REG               0,70              73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
fail2ban-  1090        root  mem       REG               0,70              73794353 (deleted)/usr/lib64/libssl.so.1.0.1e (stat: No such file or directory)
assp.pl    1198        assp  mem       REG               0,70              73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
assp.pl    1198        assp  mem       REG               0,70              73794353 (deleted)/usr/lib64/libssl.so.1.0.1e (stat: No such file or directory)
miniserv.  1223        root  mem       REG               0,70              73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
miniserv.  1223        root  mem       REG               0,70              73794353 (deleted)/usr/lib64/libssl.so.1.0.1e (stat: No such file or directory)
miniserv.  1229        root  mem       REG               0,70              73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
miniserv.  1229        root  mem       REG               0,70              73794353 (deleted)/usr/lib64/libssl.so.1.0.1e (stat: No such file or directory)
named     12887       named  mem       REG               0,70              73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)

And I notice that the new libraries after applying the update are
STILL called 1.0.1e - is that correct? Could be confusing.

[root at vps1 ~]# lsof -n | grep -E 'libcry|libssl' | grep -v deleted
....
httpd      7495        root  mem       REG               0,70    1950976   73794323 /usr/lib64/libcrypto.so.1.0.1e
httpd      7495        root  mem       REG               0,70     441112   73794344 /usr/lib64/libssl.so.1.0.1e
httpd      7495        root  mem       REG               0,70     250168  151994454 /usr/lib64/libssl3.so
httpd      7495        root  mem       REG               0,70      40400   73728467 /lib64/libcrypt-2.12.so

... now to go and reboot the server.

Cheers
Tony

-- 
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org
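
Added example (not part of the original message or thread): a shell function that reads `lsof -n` output on stdin and reduces it to one line per process that still maps a replaced OpenSSL library. It accepts both the `DEL` marker and the `(deleted)` marker discussed above, and it skips `libssl3.so` and `libcrypt-*.so`, which the `libcry|libssl` pattern also matches. The function names and the sample lines are constructed for illustration, and the FD value is assumed to be in column 4.

```shell
#!/bin/sh
# List processes that still map a deleted (pre-update) libssl/libcrypto.
# Real use: lsof -n | stale_ssl_procs
stale_ssl_procs() {
    awk '
        # Only the OpenSSL libraries: libssl.so.* and libcrypto.so.*.
        # This skips libssl3.so (NSS) and libcrypt-*.so (glibc),
        # which a plain grep for "libcry|libssl" also matches.
        !/\/lib(ssl|crypto)\.so/ { next }
        # Stale mapping: FD column "DEL" on some lsof builds,
        # "(deleted)" in the NAME column on CentOS 6.
        $4 == "DEL" || /\(deleted\)/ {
            key = $2 " " $1 " " $3          # PID COMMAND USER
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    ' | sort -n
}

# Constructed sample input in the lsof formats discussed in the thread.
sample_lsof() {
    cat <<'EOF'
vsftpd      804        root  mem       REG               0,70              73794333 (deleted)/usr/lib64/libcrypto.so.1.0.1e (stat: No such file or directory)
vsftpd      804        root  mem       REG               0,70              73794353 (deleted)/usr/lib64/libssl.so.1.0.1e (stat: No such file or directory)
mysqld      996       mysql  mem       REG               0,70              73794353 (deleted)/usr/lib64/libssl.so.1.0.1e (stat: No such file or directory)
nginx      2210        root  DEL       REG                8,1                131337 /usr/lib64/libssl.so.1.0.1e
httpd      7495        root  mem       REG               0,70    1950976   73794323 /usr/lib64/libcrypto.so.1.0.1e
httpd      7495        root  mem       REG               0,70             151994454 (deleted)/usr/lib64/libssl3.so
httpd      7495        root  mem       REG               0,70      40400   73728467 /lib64/libcrypt-2.12.so
EOF
}

# Stand-alone run on the constructed sample.
sample_lsof | stale_ssl_procs
```

Each output line is `PID COMMAND USER`; every process listed has to be restarted before it stops using the old library code.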