Hi On Tue, Apr 8, 2014 at 8:32 AM, Anatol Pomozov <anatol.pomozov@gmail.com> wrote:
Hi
On Tue, Apr 8, 2014 at 8:29 AM, Neal Oakey <neal.oakey@googlemail.com> wrote:
Hi,
there is an Bug(1) in OpenSSL 1.0.1 and as far as I'm informed this has only been patched in 1.0.1g. Many other Distributions have build there own patch, what is with us?
It is fixed already. The new version of openssl is in stable repository already. https://www.archlinux.org/packages/core/x86_64/openssl/
Currently we have "1.0.1.f-2" which is effected as far as I can know.
One more tip: after you updated a system and installed new openssl package you need to restart services that still use old version of openssl. Here is one-liner (from [1]) that finds such applications for you: sudo lsof +c 0 | grep -w DEL | awk '1 { print $1 ": " $NF }' | grep ssl [1] https://wiki.archlinux.org/index.php/Pacman_Tips#Find_applications_that_use_...