-   Linux - Newbie (
-   -   CVE-2014-0224 vulnerability (

joraymasalvan 06-09-2014 03:14 AM

CVE-2014-0224 vulnerability

Because of the CVE-2014-0224, we did and upgrade on our OpenSSL to openssl 0.9.8az.

Do we still and upgrade for modSSL also?
please advise..

kooru 06-09-2014 07:29 AM

Welcome to LQ!
No, it should not be needed to upgrade modSSL too.

jpollard 06-10-2014 03:43 PM

The reason it shouldn't be necessary is that modssl uses (should use) shared libraries, and the ssl shared library was updated making all applications that use that library also updated.

Now that said, you do need to restart apache (unless you already did so after the update to OpenSSL) so that the OLD library is no longer in use.

joraymasalvan 06-18-2014 09:26 PM

Thanks everyone for your replies...

apparently, due to the unique setup of our servers, we have to re-install from OS to other dependencies, from Source.

i thought this was task was just a yum update...i was wrong..
We have successfully updated all, however, we're 3 more servers away...

Thanks again...

All times are GMT -5. The time now is 04:39 PM.