Hi On Tue, Apr 8, 2014 at 8:32 AM, Anatol Pomozov <anatol.pomozov@xxxxxxxxx> wrote: > Hi > > On Tue, Apr 8, 2014 at 8:29 AM, Neal Oakey <neal.oakey@xxxxxxxxxxxxxx> wrote: >> Hi, >> >> there is an Bug(1) in OpenSSL 1.0.1 and as far as I'm informed this has >> only been patched in 1.0.1g. >> Many other Distributions have build there own patch, what is with us? > > It is fixed already. The new version of openssl is in stable > repository already. > https://www.archlinux.org/packages/core/x86_64/openssl/ > >> Currently we have "1.0.1.f-2" which is effected as far as I can know. One more tip: after you updated a system and installed new openssl package you need to restart services that still use old version of openssl. Here is one-liner (from [1]) that finds such applications for you: sudo lsof +c 0 | grep -w DEL | awk '1 { print $1 ": " $NF }' | grep ssl [1] https://wiki.archlinux.org/index.php/Pacman_Tips#Find_applications_that_use_libraries_from_older_packages
