On 04/09/2014 07:40 AM, Stephen Harris wrote:
> On Wed, Apr 09, 2014 at 09:36:25AM -0400, James B. Byrne wrote:
>> However, if one was running an affected service, say httpd/ mod_ssl, on a
>> host
>> that had sftp sessions connected to it then would not the ssh private keys of
>> the host and loca
On Wed, Apr 09, 2014 at 09:36:25AM -0400, James B. Byrne wrote:
> However, if one was running an affected service, say httpd/ mod_ssl, on a host
> that had sftp sessions connected to it then would not the ssh private keys of
> the host and local users be in memory and therefore readable by the expl
On Tue, April 8, 2014 18:55, Lars Hecking wrote:
> Leon Fauster writes:
>> Am 08.04.2014 um 23:08 schrieb Keith Keller
>> :
>> > On 2014-04-08, Robert Arkiletian wrote:
>> >>
>> >> if you include libcrypto in the grep then sshd is affected.
>> >
>> > That's unfortunate. :( Is the bug in libssl,
On 04/08/2014 02:15 PM, Peter van Hooft wrote:
> I use this (crude) script to find what processes have files open from an rpm:
Does that work like /usr/bin/needs-restarting ?
Mogens
--
Mogens Kjaer, m...@lemo.dk
http://www.lemo.dk
___
CentOS mailing l
Leon Fauster writes:
> Am 08.04.2014 um 23:08 schrieb Keith Keller
> :
> > On 2014-04-08, Robert Arkiletian wrote:
> >>
> >> if you include libcrypto in the grep then sshd is affected.
> >
> > That's unfortunate. :( Is the bug in libssl, libcrypto, or both?
>
>
> looking inside - its seems
On 2014-04-08, Leon Fauster wrote:
>
> looking inside - its seems that this issue (cve-2014-0160) is resolved
> in ssl/d1_both.c and ssl/t1_lib.c and not in files under crypto/ ...
> to say more i have to take a look into the build process.
So if it turns out to be true that the bug is in libssl
Am 08.04.2014 um 23:08 schrieb Keith Keller
:
> On 2014-04-08, Robert Arkiletian wrote:
>>
>> if you include libcrypto in the grep then sshd is affected.
>
> That's unfortunate. :( Is the bug in libssl, libcrypto, or both?
looking inside - its seems that this issue (cve-2014-0160) is resolv
On Tue, Apr 8, 2014 at 2:08 PM, Keith Keller
wrote:
> On 2014-04-08, Robert Arkiletian wrote:
>>
>> if you include libcrypto in the grep then sshd is affected.
>
> That's unfortunate. :( Is the bug in libssl, libcrypto, or both?
>
> Since sshd is in doubt, I would like to force my users to chan
Hi,
What else needs to be restarted ?
Anything reported by the lsof commands above ?
Thank you,
I.
On Tue, Apr 8, 2014 at 9:33 PM, Robert Arkiletian wrote:
> On Tue, Apr 8, 2014 at 6:23 AM, Leon Fauster
> wrote:
> > Am 08.04.2014 um 15:02 schrieb James Hogarth :
> >> On 8 April 2014 12:08,
On 2014-04-08, Robert Arkiletian wrote:
>
> if you include libcrypto in the grep then sshd is affected.
That's unfortunate. :( Is the bug in libssl, libcrypto, or both?
Since sshd is in doubt, I would like to force my users to change their
password, which is stored on a central openldap server
On Tue, Apr 8, 2014 at 6:23 AM, Leon Fauster wrote:
> Am 08.04.2014 um 15:02 schrieb James Hogarth :
>> On 8 April 2014 12:08, Steven Tardy wrote:
>>
>>> On Tue, Apr 8, 2014 at 2:56 AM, Keith Keller <
>>> kkel...@wombat.san-francisco.ca.us> wrote:
>>>
On 2014-04-08, Karanbir Singh wrote:
>>
On Tue, 2014-04-08 at 19:12 +0200, Alain Péan wrote:
> Le 08/04/2014 19:05, Tony Mountifield a écrit :
> > And I notice that the new libraries after applying the update are
> > STILL called 1.0.1e - is that correct? Could be confusing.
>
> Because at this time, it's only a workaround that disable
On 04/08/2014 01:12 PM, Alain Péan wrote:
> Le 08/04/2014 19:05, Tony Mountifield a écrit :
>> And I notice that the new libraries after applying the update are
>> STILL called 1.0.1e - is that correct? Could be confusing.
> Because at this time, it's only a workaround that disable certain
> servic
Le 08/04/2014 19:05, Tony Mountifield a écrit :
> And I notice that the new libraries after applying the update are
> STILL called 1.0.1e - is that correct? Could be confusing.
Because at this time, it's only a workaround that disable certain
services, not a fix to the libraries, as I read in the
In article ,
Leon Fauster wrote:
> Am 08.04.2014 um 15:02 schrieb James Hogarth :
> > On 8 April 2014 12:08, Steven Tardy wrote:
> >
> >> On Tue, Apr 8, 2014 at 2:56 AM, Keith Keller <
> >> kkel...@wombat.san-francisco.ca.us> wrote:
> >>
> >>> On 2014-04-08, Karanbir Singh wrote:
> >>>
> >>>
On 2014-04-08, James Hogarth wrote:
>
> Tomcat, apache httpd, postfix, postgresl, mysql... best just to restart any
> network facing application that has SSL enabled ;)
Actually, I should have been more thorough: I am also interested in
knowing which credentials were vulnerable, so I can set poli
Am 08.04.2014 um 15:02 schrieb James Hogarth :
> On 8 April 2014 12:08, Steven Tardy wrote:
>
>> On Tue, Apr 8, 2014 at 2:56 AM, Keith Keller <
>> kkel...@wombat.san-francisco.ca.us> wrote:
>>
>>> On 2014-04-08, Karanbir Singh wrote:
>>>
>>> is there an easy way to know which services need to
On 8 April 2014 12:08, Steven Tardy wrote:
> On Tue, Apr 8, 2014 at 2:56 AM, Keith Keller <
> kkel...@wombat.san-francisco.ca.us> wrote:
>
> > On 2014-04-08, Karanbir Singh wrote:
> > >
> > > Earlier in the day today, we were made aware of a serious
> > > issue in openssl as shipped in CentOS-6.
> Message: 23
> Date: Tue, 8 Apr 2014 07:08:30 -0400
> From: Steven Tardy
> Subject: Re: [CentOS] CVE-2014-0160 CentOS 6 openssl heartbleed
> workaround
> To: CentOS mailing list
> Message-ID:
>
> Content-Type: text/plain; charset=ISO-8859-1
>
&g
On Tue, Apr 8, 2014 at 2:56 AM, Keith Keller <
kkel...@wombat.san-francisco.ca.us> wrote:
> On 2014-04-08, Karanbir Singh wrote:
> >
> > Earlier in the day today, we were made aware of a serious
> > issue in openssl as shipped in CentOS-6.5 ( including updates issued
> > since CentOS-6.5 was rele
On 2014-04-08, Karanbir Singh wrote:
>
> Earlier in the day today, we were made aware of a serious
> issue in openssl as shipped in CentOS-6.5 ( including updates issued
> since CentOS-6.5 was released ); This issue is addressed in detail at
> http://heartbleed.com/
So it looks like new packages
21 matches
Mail list logo