[ User ] Login

Bug 120: CLOSED

openssl in packages/cooking not patched for heartbleed bug?

Date: 2014-05-12 21:36 - Creator: nneul - Priority critical - 4 messages 

Tried updating to both the latest in packages/cooking as well as direct 
download from cook.slitaz.org - both still result in a system that shows as 
vulnerable when running httpd.

Affected package(s): openssl

Messages

By: nneul on 2014-05-12 21:39 

Sorry, my mistake - files are in different package. disregard.

By: nneul on 2014-05-12 22:12 

It was libssl that needed updated. However, this raises another question - 
it seems like the package that is out in packages/cooking still has the 
symptom, whereas one downloaded directly from cook.slitaz.org shows as 
non-vulnerable. Both were listed as 1.0.1g.

By: mojo on 2014-05-15 13:25 

What is the md5sum fingerprint of the non-vulnerable libssl-1.0.1g.tazpkg

By: nneul on 2014-09-13 19:52 

Sorry, didn't see this update, no longer in a position to reproduce 
the same circumstances as this bug was filed.