[TriLUG] Heartbleed SSL vuln: regenerate your ssh host keys?
Ken MacKenzie
ken at mack-z.com
Tue Apr 8 13:58:21 EDT 2014
I need to remember that debian check restart thing. Thanks!
On Tue, Apr 8, 2014 at 1:47 PM, Igor Partola <igor at igorpartola.com> wrote:
> As a quick update, note that different distributions are taking different
> approaches to releasing fixes. For example, in Ubuntu the new package seems
> to be versioned at 1.0.1-4ubuntu5.12. In CentOS the version of libssl seems
> to still be vulnerable (1.0.1e) but the they seem to have simply disabled
> the heartbeat extension instead of upgrading to the latest version of
> libssl (openssl-1.0.1e-16.el6_5.7 is the new package where 5.7 means it's
> been patched).
>
> During this process I realized what a mess libssl versioning is and how
> much every player involved messes with it.
>
> On the plus side I learned of a cool utility available for Debian/Ubuntu:
> `apt-get install debian-goodies`, then run `sudo checkrestart`. This will
> give you a list of processes whose libraries were upgraded but the
> processes were not restarted. Very useful, given that in this case it's not
> enough to upgrade libssl: you also must restart every process that uses it
> to start using the new version.
>
> Igor
> --
> This message was sent to: Ken M. <ken at mack-z.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
> address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web :
> http://www.trilug.org/mailman/options/trilug/ken%40mack-z.com
> Welcome to TriLUG: http://trilug.org/welcome
>
More information about the TriLUG
mailing list