Obviously OpenSSL is getting the royal treatment of scrutiny now... these two bugs were fixed this week, and both are potentially very nasty.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 could allow remote arbitrary code execution in a default setup
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 was considered bad enough by the Fedora people to issue a separate warning statement (they almost never do that), though it depends on both sides using OpenSSL, which would be rare-ish in the browser world dominated by FF, Chrome, IE, etc, under normal use cases
Don't forget to restart your httpd (and every other "d" that uses OpenSSL) after updating!
On 06/06/2014 11:01 PM, Trevor Cordes wrote:
Don't forget to restart your httpd (and every other "d" that uses OpenSSL) after updating!
A useful command to see what daemons need restarting...
lsof | fgrep libssl | fgrep -i del
On 2014-06-09 Gilbert E. Detillieux wrote:
On 06/06/2014 11:01 PM, Trevor Cordes wrote:
Don't forget to restart your httpd (and every other "d" that uses OpenSSL) after updating!
A useful command to see what daemons need restarting...
lsof | fgrep libssl | fgrep -i del
Ooooh. That's slick. There was a bunch of daemons in there I had forgotten about, oops.
For even easier output, I'd add to it thusly:
lsof | fgrep libssl | fgrep -i del | cut -f1,1 -d' ' | sort -u
My list was 2 pages long without the -u! Astounding how much stuff hauls in libssl: gdbus? gkrellm? qalculate???!
-
Gilbert E. Detillieux -
Trevor Cordes