Gentoo Archives: gentoo-user

From: Joseph <syscon780@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Heartbleed - using openssl-0.9.8y and affected
Date: Mon, 28 Apr 2014 18:34:29
Message-Id: 20140428183417.GC4129@syscon7.ed.shawcable.net
In Reply to: Re: [gentoo-user] Heartbleed - using openssl-0.9.8y and affected by Tom Wijsman
On 04/28/14 20:13, Tom Wijsman wrote:
>On Mon, 28 Apr 2014 10:02:52 -0600
>Joseph <syscon780@×××××.com> wrote:
>
>> On 04/28/14 09:17, Joseph wrote:
>> >Which program do I upgrade to fix Heartbleed bug?
>> >
>> >http://safeweb.norton.com/heartbleed/
>> >is showing me my server is vulnerable.
>> >I'm using dev-libs/openssl-0.9.8y
>> >
>> >Why "safeweb.norton" is triggering my server vulnerable?
>>
>> I'm using apache-2.2.25
>> Which file contains the setting for: SSLCompression
>> I'm trying to turn it off.
>
>Unaffected according to:
>
> http://www.gentoo.org/security/en/glsa/glsa-201404-07.xml
>
>Perhaps all you need to do is restart the Apache service?
>
>--
>With kind regards,
>
>Tom Wijsman (TomWij)
>Gentoo Developer
>
>E-mail address : TomWij@g.o
>GPG Public Key : 6D34E57D
>GPG Fingerprint : C165 AF18 AB4C 400B C3D2 ABF0 95B2 1FCD 6D34 E57D

No, I was wrong. I had both versions installed: 0.9.8y and 1.0.1f
and the one that was in use was the buggy one: 1.0.1f
I recompiled 1.0.1f without tls-heartbeat and the problem is solved.

dev-libs/openssl
Available versions:
(0.9.8) 0.9.8y
(0) 1.0.0j 1.0.1f
{bindist gmp kerberos rfc3779 sse2 static-libs test +tls-heartbeat vanilla zlib}
Installed versions: 0.9.8y(0.9.8)(11:06:09 PM 10/18/2013)(sse2 zlib -bindist -gmp -kerberos -test) 1.0.1f(12:57:54 PM 03/21/2014)(sse2 tls-heartbeat zlib
-bindist -gmp -kerberos -rfc3779 -static-libs -test -vanilla)

But what puzzles me is that when I downgraded it to 1.0.0j (unaffected version) I could not restart apache. I was getting an error:

/etc/init.d/apache2 restart
* apache2 has detected an error in your setup:
apache2: Syntax error on line 125 of /etc/apache2/httpd.conf: Cannot load /usr/lib64/apache2/modules/mod_ssl.so into server: /usr/lib64/apache2/modules/mod_ssl.so:
undefined symbol: TLSv1_1_client_method
* ERROR: apache2 failed to stop

--
Joseph
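
A check related to the restart suggestion and the "which one was in use" finding in the message above, as an added example that is not part of the original post: it reads the text of `/proc/<pid>/maps` to list which libssl/libcrypto files a running process has mapped and whether they are stale copies that were replaced on disk. The function names are hypothetical, and the paths, addresses and inode numbers in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# ssl_maps: read the text of /proc/<pid>/maps on stdin and print one line per
# distinct libssl/libcrypto file the process has mapped: "<state> <path>".
# "stale" means the file was replaced or removed on disk after the process
# loaded it, so the process is still running the old code.
ssl_maps() {
    awk '
        $6 ~ /\/lib(ssl|crypto)\.so/ {
            state = ($NF == "(deleted)") ? "stale" : "current"
            key = state " " $6
            if (!(key in seen)) { seen[key] = 1; print key }
        }'
}

# needs_restart: exit status 0 if stdin (maps text) shows any stale mapping.
needs_restart() {
    ssl_maps | grep -q '^stale '
}

# check_pid: run the report against a live process, e.g. an apache2 worker.
# Reading another user's maps file normally requires root.
check_pid() {
    ssl_maps < "/proc/$1/maps"
}

# sample_maps: constructed maps excerpt for an apache2 process. $1 is the
# suffix the kernel appends to a replaced file: " (deleted)" or "".
sample_maps() {
    cat <<EOF
7f3a10000000-7f3a10040000 r-xp 00000000 08:03 262301 /usr/lib64/apache2/modules/mod_ssl.so
7f3a0fa00000-7f3a0fa60000 r-xp 00000000 08:03 131200 /usr/lib64/libssl.so.1.0.0$1
7f3a0fc5f000-7f3a0fc6a000 rw-p 0005f000 08:03 131200 /usr/lib64/libssl.so.1.0.0$1
7f3a0f400000-7f3a0f5d0000 r-xp 00000000 08:03 131199 /usr/lib64/libcrypto.so.1.0.0$1
7f3a0f200000-7f3a0f215000 r-xp 00000000 08:03 131050 /lib64/libz.so.1
EOF
}

# Before a restart: library replaced on disk, old copy still mapped.
sample_maps " (deleted)" | ssl_maps
```

The OpenSSL 1.0.0 and 1.0.1 series share the `libssl.so.1.0.0` soname, so this shows which library file a process uses and whether it needs a restart, not the exact version; the package manager output gives that.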
