Re: [SECURITY] [DSA 3500-1] openssl security update

To: Carsten Aulbert <Carsten.Aulbert@aei.mpg.de>
Cc: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 3500-1] openssl security update
From: Paul Wise <pabs@debian.org>
Date: Wed, 2 Mar 2016 16:36:48 +0800
Message-id: <[🔎] CAKTje6G5x44HNRtS9Gp3oYZv-9vqd=MVZj+q2sDk=GrQoegsxQ@mail.gmail.com>
In-reply-to: <[🔎] 56D69F7E.7000906@aei.mpg.de>
References: <56d5a87c.85b01c0a.2ea07.6277@mx.google.com> <[🔎] 56D69F7E.7000906@aei.mpg.de>

On Wed, Mar 2, 2016 at 4:08 PM, Carsten Aulbert wrote:

> brief question for a possible addendum. I believe one should at least
> restart services which are currently using openssl after patching it,
> right, e.g. trying to figure out by lsof -n | grep openssl.

Right. I would use one of the many existing implementations of this
rather than rolling your own:

checkrestart (from debian-goodies)
needrestart
whatmaps
https://anonscm.debian.org/cgit/mirror/dsa-nagios.git/tree/dsa-nagios-checks/checks/dsa-check-libs
http://tracer-package.com/
needs-restarting (from yum)
https://anonscm.debian.org/cgit/collab-maint/hobbit-plugins.git/tree/client-ext/libs
limited implementations in the libc/pam/openssl postinsts

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 3500-1] openssl security update
  - From: Carsten Aulbert <Carsten.Aulbert@aei.mpg.de>

References:
- Re: [SECURITY] [DSA 3500-1] openssl security update
  - From: Carsten Aulbert <Carsten.Aulbert@aei.mpg.de>

Prev by Date: Re: [SECURITY] [DSA 3500-1] openssl security update
Next by Date: Re: [SECURITY] [DSA 3500-1] openssl security update
Previous by thread: Re: [SECURITY] [DSA 3500-1] openssl security update
Next by thread: Re: [SECURITY] [DSA 3500-1] openssl security update
Index(es):
- Date
- Thread