[arch-general] Does openssl 1.0.1.g-1 close the heartbleed exploit?
Guus Snijders
gsnijders at gmail.com
Fri Apr 25 03:47:25 EDT 2014
Op 25 apr. 2014 09:41 schreef "David C. Rankin" <
drankinatty at suddenlinkmail.com> het volgende:
>
> Guys,
>
> I was testing my boxes after updating to openssl 1.0.1.g-1 with
heartbleed.c
> and I am still able to grab and decrypt ssl packets. The openssl security
note
> says 1.0.1.g is not effected by the bug, but I can still get a 64k chuck
of data
> back from my server using the heartbleed.c test. (if I'm reading the
output
> correctly) Am I may be doing something wrong? It is worth asking to be
sure.
Probably a stupid question, but you did restart the affected daemons (or
system) after the update?
Otherwise, they'll be using the old lib.
mvg, Guus
More information about the arch-general
mailing list