Hi Our apache restarts fine. I'm on Debian 11.5 with unattended-upgrades for bullseye-security ONLY
We have: libssl1.1 Version: 1.1.1n-0+deb11u4) - updated 8 Feb 2023 and apache2 Version: 2.4.54-1~deb11u1 So is this a Debian 11.6 problem ?? Cheers Will Will Salmon, Systems & Infrastructure Support Officer (Linux web servers), - FMS Technology Enhanced Learning team (ex LTSU), - Newcastle University, Medical Sciences Graduate School office - Ridley Building 1, floor 3 E-mail: will.sal...@ncl.ac.uk -----Original Message----- From: Phil Endecott <phil_etbqo_endec...@chezphil.org> Sent: 08 February 2023 14:02 To: debian-security@lists.debian.org Subject: Apache doesn't restart after new libssl is installed ⚠ External sender. Take care when opening links or attachments. Do not provide your login details. Dear Experts, I have a Debian 11 system running Apache and unattended-upgrades. I received the DSA 5343-1 email advertising the new openssl package, 1.1.1n-0+deb11u4. Unattended-upgrades had installed this before I even read the email - great. But Apache has not been restarted, and it seems to be running with the old libssl still: # grep ssl /proc/661/maps 7fcb5bd97000-7fcb5bdb4000 r--p 00000000 ca:02 265814 /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (deleted) Obviously the security issues are not closed until Apache (and any other daemon linked with openssl) restart, and that may not happen for a long time! This is not the first time I have seen something like this happen. Whose responsibility is this? Should the Apache package somehow know that it needs to restart itself? Should the libssl package do something to cause Apache to restart? Should the unattended- upgrades package know to restart Apache when libssl has been upgraded? I know there is a mechanism of some kind to cause daemons to restart when libraries they use are being replaced; is that just for libc updates, or something? Thanks, Phil. P.S. If you Cc: me in your reply, I'll see it sooner.