
Re: Can't patch Heartbleed bug?






On Thu, Apr 10, 2014 at 9:54 AM, Florian Ernst <florian_ernst@gmx.net> wrote:

This is not accurate, OpenSSL 1.0.1 through 1.0.1f (inclusive) are
vulnerable. Please see
https://www.debian.org/security/2014/dsa-2896
as well as
http://heartbleed.com/

Thanks Flo,

One of the problems with stories like this is that there is a lot of misinformation out there. I started reading on Bruce Schneier's site, and bounced off several sites from there. I guess I either read wrong or hit some misinformation.

Also, with the extensive list of apps that need to be restarted, unless you have an overriding reason not to, I would recommend that you reboot instead of trying to cherry-pick apps to restart. (The "nuke it from orbit. It's the only way to be sure." approach. :) ) Debian did a good job of finding most of the apps that depend on openssl, but I know they missed at least one, puppet.

--b
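
An added example, not part of the original message: when a reboot is not possible, one way to find services a restart list missed is to look for processes that still map the pre-upgrade libssl/libcrypto. It assumes Linux `/proc` and that the upgrade replaced the library file on disk, so the old mapping is marked `(deleted)`; the function names `stale_ssl_libs` and `scan_proc` are hypothetical.

```shell
#!/bin/sh
# Added example: list processes still running the old, unpatched OpenSSL
# library after the package was upgraded. Run as root to see every process.
#
# A stale mapping in /proc/<pid>/maps looks like this (constructed sample):
#   7f00-7f01 r-xp 00000000 08:01 1234 /usr/lib/.../libssl.so.1.0.0 (deleted)

# stale_ssl_libs FILE: print the deleted libssl/libcrypto paths mapped in a
# maps-format FILE as one comma-separated line (empty output if none).
stale_ssl_libs() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /\/lib(ssl|crypto)\.so/ { print $(NF-1) }' \
        "$1" 2>/dev/null | sort -u | paste -sd, -
}

# scan_proc [ROOT]: walk a /proc-style tree and print "pid<TAB>cmdline<TAB>libs"
# for every process that needs a restart. ROOT defaults to /proc.
scan_proc() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue        # process exited or not readable
        libs=$(stale_ssl_libs "$maps")
        [ -n "$libs" ] || continue        # nothing stale mapped here
        dir=${maps%/maps}
        pid=${dir##*/}
        # cmdline is NUL-separated; make it printable and keep it short.
        cmd=$(cat "$dir/cmdline" 2>/dev/null | tr '\000' ' ' | cut -c1-60)
        printf '%s\t%s\t%s\n' "$pid" "${cmd:-?}" "$libs"
    done
    return 0
}

scan_proc "${1:-/proc}"
```

An empty result only means no readable process still maps a replaced shared library; a statically linked binary or one bundling its own OpenSSL copy will not show up here.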

