[arch-general] Heartbleed-bug in OpenSSL 1.0.1 up to 1.0.1f

Anatol Pomozov anatol.pomozov at gmail.com
Tue Apr 8 13:56:39 EDT 2014


On Tue, Apr 8, 2014 at 8:32 AM, Anatol Pomozov <anatol.pomozov at gmail.com> wrote:
> Hi
> On Tue, Apr 8, 2014 at 8:29 AM, Neal Oakey <neal.oakey at googlemail.com> wrote:
>> Hi,
>> there is an Bug(1) in OpenSSL 1.0.1 and as far as I'm informed this has
>> only been patched in 1.0.1g.
>> Many other Distributions have build there own patch, what is with us?
> It is fixed already. The new version of openssl is in stable
> repository already.
> https://www.archlinux.org/packages/core/x86_64/openssl/
>> Currently we have "1.0.1.f-2" which is effected as far as I can know.

One more tip: after you updated a system and installed new openssl
package you need to restart services that still use old version of
openssl. Here is one-liner (from [1]) that finds such applications for

sudo lsof +c 0 | grep -w DEL | awk '1 { print $1 ": " $NF }' | grep ssl

[1] https://wiki.archlinux.org/index.php/Pacman_Tips#Find_applications_that_use_libraries_from_older_packages

More information about the arch-general mailing list