This topic created in 4442 days ago, the information mentioned may be changed or developed.
Supplement 1 · Apr 9, 2014
 |
1
Livid MOD PRO 你运行 openssl version 看一下版本号,如果不是 1.0.1 就不用管了。
|
 |
2
niseter Apr 9, 2014 via Android
debian/ububtu
建议update后upgrade,有些组件比如ssh也收到影响。 centos试试下载g版本编译安装吧 |
 |
3
sanddudu Apr 9, 2014
根据官方的消息,用户应该升级到 1.0.1g
也可以带 -DOPENSSL_NO_HEARTBEATS 参数重新编译 |
 |
4
SharkIng Apr 9, 2014
使用这两个办法之后依然还是1.0.1c版本,好像是不是源没更新?
|
 |
8
andybest Apr 9, 2014
|
|
9
Livid MOD PRO |
 |
10
bigredapple Apr 9, 2014
yum -y update 已经修复了啊
|
 |
13
ptsa Apr 9, 2014
ubuntu 13.04 13.10 upgrade 后 还是1.0.1c
|
 |
14
initialdp Apr 9, 2014
我们生产环境用的是Ubuntu 10.04,系统没有提示要更新。估计是没有受影响。
|
 |
15
orzjerry Apr 9, 2014
5.7是官方发布的最新的1.0.1e中修复漏洞的版本。(centos)
|
 |
16
megaforce Apr 9, 2014
centos下面,
我是按srpm里面spec文件中想关的Configure重新编译一次新的openssl,覆盖掉系统本身的 |
 |
17
ray1980 Apr 9, 2014
1.0.1e 受影响么?
|
 |
18
rrfeng Apr 9, 2014
刚刚全部重新编译升级了 nginx ……
|
1
 |
23
icyflash Apr 9, 2014
|
 |
24
raincious Apr 9, 2014
@ray1980
@Zhongwei CentOS如果你yum upgrade之后发现openssl version还是OpenSSL 1.0.1e-fips 11 Feb 2013,那么再运行 openssl version -a | head -2 检查一下。 For CentOS, the OpenSSL version did not change. Instead, only the compile time changed. To test if you are running the right version, look at the second line of the "openssl version -a" output: Fixed version: $ openssl version -a | head -2 OpenSSL 1.0.1e-fips 11 Feb 2013 built on: Tue Apr 8 02:39:29 UTC 2014 Old version: OpenSSL 1.0.1e-fips 11 Feb 2013 built on: Wed Jan 8 18:40:59 UTC 2014 https://isc.sans.edu/diary.html |
|
25
raincious Apr 9, 2014
这是正确的Blog地址: https://isc.sans.edu/forums/diary/OpenSSL+CVE-2014-0160+Fixed/17917
另外Ubuntu系的机器貌似开了Security Update的话,自己已经更新好了,各位自行检查下。 |
 |
27
cakegg Apr 9, 2014
很想知道这个漏洞是哪个大神发现的???
|
 |
29
mengzhuo Apr 9, 2014
Ubuntu已经发布了1.0.1的补丁 直接upgrade就好了
|
 |
30
greyby Apr 10, 2014
@Livid 自己指定OpenSSL源码目录(with-openssl)编译安装的nginx 还需要重新编译 http://nginx.com/blog/nginx-and-the-heartbleed-vulnerability/
|
 |
31
princeofwales Apr 10, 2014
windows下IIS的https要不要搞?
|
Select Language