LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-09-2014, 03:14 AM   #1
joraymasalvan
LQ Newbie
 
Registered: Oct 2013
Posts: 2

Rep: Reputation: Disabled
CVE-2014-0224 vulnerability


Hi.

Because of the CVE-2014-0224, we did and upgrade on our OpenSSL to openssl 0.9.8az.

Do we still and upgrade for modSSL also?
please advise..
 
Old 06-09-2014, 07:29 AM   #2
kooru
Senior Member
 
Registered: Sep 2012
Posts: 1,385

Rep: Reputation: 273Reputation: 273Reputation: 273
Welcome to LQ!
No, it should not be needed to upgrade modSSL too.

Last edited by kooru; 06-09-2014 at 07:31 AM.
 
Old 06-10-2014, 03:43 PM   #3
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,714

Rep: Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280
The reason it shouldn't be necessary is that modssl uses (should use) shared libraries, and the ssl shared library was updated making all applications that use that library also updated.

Now that said, you do need to restart apache (unless you already did so after the update to OpenSSL) so that the OLD library is no longer in use.
 
Old 06-18-2014, 09:26 PM   #4
joraymasalvan
LQ Newbie
 
Registered: Oct 2013
Posts: 2

Original Poster
Rep: Reputation: Disabled
Thanks everyone for your replies...

apparently, due to the unique setup of our servers, we have to re-install from OS to other dependencies, from Source.

i thought this was task was just a yum update...i was wrong..
We have successfully updated all, however, we're 3 more servers away...

Thanks again...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
vulnerability scanning using NMAP on CVE-2014-0322 vulnerability,check vulnerable meeiyoke Linux - Security 2 06-06-2014 06:09 PM
vulnerability scanning using NMAP on CVE-2014-0322 vulnerability,check vulnerable . meeiyoke Linux - Newbie 1 06-06-2014 01:14 PM
CVE-2014-0160: Heartbleed Bug: OpenSSL Vulnerability tronayne Linux - Security 66 04-21-2014 04:13 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 08:50 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration