LinuxQuestions.org - [SOLVED] CVE-2014-0224 vulnerability

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - CVE-2014-0224 vulnerability (https://www.linuxquestions.org/questions/linux-newbie-8/cve-2014-0224-vulnerability-4175507459/)

joraymasalvan

06-09-2014 02:14 AM

CVE-2014-0224 vulnerability

Hi.

Because of the CVE-2014-0224, we did and upgrade on our OpenSSL to openssl 0.9.8az.

Do we still and upgrade for modSSL also?
please advise..

kooru

06-09-2014 06:29 AM

Welcome to LQ!
No, it should not be needed to upgrade modSSL too.

jpollard

06-10-2014 02:43 PM

The reason it shouldn't be necessary is that modssl uses (should use) shared libraries, and the ssl shared library was updated making all applications that use that library also updated.

Now that said, you do need to restart apache (unless you already did so after the update to OpenSSL) so that the OLD library is no longer in use.

joraymasalvan

06-18-2014 08:26 PM

Thanks everyone for your replies...

apparently, due to the unique setup of our servers, we have to re-install from OS to other dependencies, from Source.

i thought this was task was just a yum update...i was wrong..
We have successfully updated all, however, we're 3 more servers away...

Thanks again...

All times are GMT -5. The time now is 09:22 PM.