[ale] OpenSSL Broken, Upgrade Now

Adrya Stembridge adrya.stembridge at gmail.com
Wed Apr 16 10:50:10 EDT 2014


If you trust this source, this will tell you if your web server is patched
or not:
https://filippo.io/Heartbleed/

Reddit AMA from the developer:
http://www.reddit.com/r/IAmA/comments/233161/i_am_the_author_of_the_heartbleed_test_site_ama/



On Wed, Apr 16, 2014 at 10:42 AM, Paul Cartwright <pbcartwright at gmail.com>wrote:

>  according to a web site, the patched version is still 1.0.1e-37:
>
>
> https://www.digitalocean.com/community/articles/how-to-protect-your-server-against-the-heartbleed-openssl-vulnerability
>
> For a 64 bit system:
>
> yum -y install koji
> koji download-build --arch=x86_64 openssl-1.0.1e-37.fc19.1
> yum localinstall openssl-1.0.1e-37.fc19.1.x86_64.rpm
>
> yum localinstall openssl-1.0.1e-37.fc19.1.x86_64.rpm
> Loaded plugins: langpacks
> Examining openssl-1.0.1e-37.fc19.1.x86_64.rpm:
> 1:openssl-1.0.1e-37.fc19.1.x86_64
> openssl-1.0.1e-37.fc19.1.x86_64.rpm: does not update installed package.
> Nothing to do
>
>
>
>
>  Hi
>
> I believe the patched version is OpenSSL 1.0.1g 7 Apr 2014
>
> Jay
> On 04/16/2014 10:24 AM, Paul Cartwright wrote:
>
> I ran that and also got the same:
> openssl
> OpenSSL> version
> OpenSSL 1.0.1e-fips 11 Feb 2013
>
> openssl.x86_64 1:1.0.1e-37.fc20.1 @updates
> openssl-libs.i686 1:1.0.1e-37.fc20.1 @updates
> openssl-libs.x86_64 1:1.0.1e-37.fc20.1 @update
>
>
> but I just got an updated openssl recently..
>
>
>
> --
> Paul Cartwright
> Registered Linux User #367800 and new counter #561587
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20140416/6a77e296/attachment.html>


More information about the Ale mailing list