I've seen pound has this issue, sites which use pound as proxy need to
restart pound manually, before that is done it doesn't use the newly
installed openssl.
2014-04-09 09:51, Henrik Ahlgren wrote:
On Tue, Apr 08, 2014 at 08:24:52PM +0200, Salvatore Bonaccorso wrote:
Yes this is
Hi there
Salvatore Bonaccorso wrote:
Yes this is unfortunately a bug in that part of the libssl1.0.0
postinst! apache2 is also affected and should be restarted after the
openssl update.
AFAIK all services that use TLS + open-ssl are affected.
I generated new keys for Apache, Asterisk, Exim
On Wed, Apr 09, 2014 at 10:51:42AM +0300, Henrik Ahlgren wrote:
If new services will be added to the restart check list, I think both
puppet and puppetmaster should be included, too.
The service snmpd should be restarted as well. At least checkrestart says
so.
Shade and sweet water!
On Wednesday, 2014-04-09 at 12:42:16 +0200, Rob van der Putten wrote:
AFAIK all services that use TLS + open-ssl are affected.
I generated new keys for Apache, Asterisk, Exim and imap and
restarted those services.
According to a post on slashdot SSH is not affected. I don't know if
this is
On 2014-04-09 12:42, Rob van der Putten wrote:
According to a post on slashdot SSH is not affected. I don't know if
this is correct.
(Open-)SSH is not affected as it does not use openssl at all. Should be
the same for other SSH daemons like dropbear as they are not using TLS
in SSH
On Wednesday 09 of April 2014 13:26:06 bsod wrote:
On 2014-04-09 12:42, Rob van der Putten wrote:
According to a post on slashdot SSH is not affected. I don't know if
this is correct.
(Open-)SSH is not affected as it does not use openssl at all. Should be
the same for other SSH daemons
On 13:26 Wed 09 Apr , bsod wrote:
On 2014-04-09 12:42, Rob van der Putten wrote:
According to a post on slashdot SSH is not affected. I don't know if
this is correct.
(Open-)SSH is not affected as it does not use openssl at all. Should be the
same for other SSH daemons like dropbear
Hi there
Vladislav Kurz wrote:
So, why does openssh-server depend on libssl ?
ldd /usr/sbin/sshd says it needs libcrypto.so, which is part of openssl?
Maybe the question should be does SSH use a heartbeat?
Regards,
Rob
On 2014-04-09 13:38, Vladislav Kurz wrote:
So, why does openssh-server depend on libssl ?
oh... my bad, searched for dependencies openssl instead of libssl.
However, it still does not use TLS and is therefore not concerned by
bugs in the heartbeat extension to it.
Kind regards,
Chris
Yes the private keys can be compromised, but the perfect secrecy
should ensure that unless someone was doing an active MITM and had the
private key, the communications were safe.
On Wed, Apr 9, 2014 at 3:06 PM, Artikel-140 i...@artikel-140.nl wrote:
Hi,
If Perfect Forward Secrecy is enabled,
* Jeremie Marguerie jere...@marguerie.org [140409 15:28]:
Yes the private keys can be compromised, but the perfect secrecy
should ensure that unless someone was doing an active MITM and had the
private key, the communications were safe.
As the communication was part of the data transported
Hi,
After upgrading the packages in DSA 2896-2 (openssl security update),
the second version, 1.0.1e-2+deb7u6, that detects services to restart, I
noted that the postinst script didn't suggest that I should restart
apache2.
As far as I can tell apache2 (apache2.2-bin) depends on libssl1.0.0 and
Hi,
I can confirm this behaviour. In addition I am quite sure that apache2 is
affected because I have tested it with the heartbleed check
(http://heartbleed.com) directly after the security update and it was still
vulnerable. After I restarted apache2 manually the vulnerability was gone.
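
Added example, not part of any message in this thread: a shell check for processes that still have the pre-upgrade libssl or libcrypto mapped, which is the condition the posters describe for apache2, pound and snmpd until they are restarted. It assumes Linux, where /proc/PID/maps marks an unlinked library with a trailing "(deleted)"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list processes that still map a deleted libssl/libcrypto.
# After a library upgrade the old file is unlinked, and /proc/PID/maps marks
# the copy a running process still has loaded with a trailing "(deleted)".

# has_stale_ssl MAPS_FILE -> exit 0 if the maps file shows a deleted
# libssl or libcrypto mapping, non-zero otherwise (or if unreadable).
has_stale_ssl() {
    grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null
}

# scan_proc [ROOT] -> print "PID NAME" for each affected process.
# ROOT defaults to /proc; the parameter exists so the function can be
# pointed at a constructed directory tree for testing.
scan_proc() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        if has_stale_ssl "$dir/maps"; then
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            echo "${dir##*/} $name"
        fi
    done
    return 0
}

# Run against the live system (needs root to read other users' maps).
scan_proc "${1:-/proc}"
```

Any process it lists is still running the old library code and needs a restart before the upgrade takes effect for that service.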
Hi Frederik,
On Tue, Apr 08, 2014 at 04:01:37PM +, Fredrik Jonson wrote:
Hi,
After upgrading the packages in DSA 2896-2 (openssl security update),
the second version, 1.0.1e-2+deb7u6, that detects services to restart, I
noted that the postinst script didn't suggest that I should restart