So, considering that it fails to start now. Could you please verify that `ls -la /lib64/libcrypt.so.1` is still valid?
Fedor. On Mon, Apr 14, 2014 at 2:53 PM, LOKESH JANGIR <[email protected]>wrote: > Hi Rainer, > > Yes, apache was running with the old library, i have moved this out, and > copied new libssl library from new openssl installation folder. But it is > not working and now i am unable to start apache. > > Now what to do with this ? > > Regards, > Lokesh Jangir > > > On Mon, Apr 14, 2014 at 2:52 PM, Rainer M. Canavan < > [email protected]> wrote: > >> >> On Apr 14, 2014, at 10:17 , LOKESH JANGIR <[email protected]> wrote: >> >> > Hi Team, >> > >> > I am using Ubuntu, Amazon ami with apache 2.0 and mod_ssl installed. I >> found the same openssl vulnerability issue with my ssl certificate. I have >> installed new openssl bugfixed version 1.0.1g and create csr and key file >> from this. Also i have installed this on the server. I have restarted >> apache service and server many times after installation. >> > >> > But still it is showing my website vulnerable. Can you please guide me >> what am i missing now ? >> >> did you use "apachectl restart", or "apachectl stop" + "apachectl start"? >> If you did >> the former, the process may still be running with the old, deleted >> library. Try >> >> sudo lsof -n | grep libssl | grep DEL >> >> to see if that is still the case. >> >> >> >> rainer______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> Development Mailing List [email protected] >> Automated List Manager [email protected] >> > >
