Re: Recent libssl update.

To: debian-security@lists.debian.org
Subject: Re: Recent libssl update.
From: Simon Valiquette <v.simon@ieee.org>
Date: Mon, 14 Nov 2011 01:45:19 -0500
Message-id: <[🔎] 4EC0B8FF.7090702@ieee.org>
In-reply-to: <[🔎] 4EC07F13.8000806@mikemestnik.net>
References: <[🔎] 4EC07F13.8000806@mikemestnik.net>

Mike Mestnik un jour écrivit:

It is usual to have to restart services to load security updates?


Yes, but it is usually done automatically.

There is usually no other simple way to make sure that a program is usingthe new version of a library. But the main services that use libssl likeOpenSSH, Postfix and Apache are by default already automatically restartedif needed when libssl is updated.

At least it is better than having to reboot the server, and in the case ofApache users won't notice it because old threads will stop only oncecurrently openned connections are closed while new requests will be servedby new threads using the new library.

 Is
this something to be corrected or should I be diligent and restart
services periodically?

Periodically, no it is not necessary. Restarting a service is only neededafter updating a library used by that service, but it is usually alreadydone automatically, at least for the most common cases.

That said, user's programs are usually not automatically restarted, butthat's the same after any library update. So if for example you update alibrary used by Firefox (like libgnutls), you will have to restart it ifyou want to be sure it use the new version of the library.


I hope that makes thing clearer.

Simon Valiquette

Reply to:

References:
- Recent libssl update.
  - From: Mike Mestnik <cheako@mikemestnik.net>

Prev by Date: Recent libssl update.
Next by Date: Re: Recent libssl update.
Previous by thread: Recent libssl update.
Next by thread: Re: Recent libssl update.
Index(es):
- Date
- Thread