On 2014-04-08, Karanbir Singh <kbsingh@xxxxxxxxxx> wrote: > > Earlier in the day today, we were made aware of a serious > issue in openssl as shipped in CentOS-6.5 ( including updates issued > since CentOS-6.5 was released ); This issue is addressed in detail at > http://heartbleed.com/ So it looks like new packages were issued by upstream pretty quickly. So one question is, is there an easy way to know which services need to be kicked? I was surprised (not unpleasantly) to note that sshd is not linked against libssl, but if you do a naive check against httpd, you won't find it linked either--because it's mod_ssl that's linked against it. --keith -- kkeller@xxxxxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: CVE-2014-0160 CentOS 6 openssl heartbleed workaround
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: centos@xxxxxxxxxx
- Subject: Re: CVE-2014-0160 CentOS 6 openssl heartbleed workaround
- From: Keith Keller <kkeller@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 07 Apr 2014 23:56:45 -0700
- Delivered-to: centos@xxxxxxxxxx
- User-agent: slrn/0.9.9p1 (Linux)
- Follow-Ups:
- Re: CVE-2014-0160 CentOS 6 openssl heartbleed workaround
- From: Steven Tardy
- Re: CVE-2014-0160 CentOS 6 openssl heartbleed workaround
- Prev by Date: Re: Software RAID10 - which two disks can fail?
- Next by Date: Re: Software RAID10 - which two disks can fail?
- Previous by thread: Re: [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround
- Next by thread: Re: CVE-2014-0160 CentOS 6 openssl heartbleed workaround
- Index(es):
 |