Full Disclosure mailing list archives
Re: heartbleed OpenSSL bug CVE-2014-0160
From: Ricardo Iramar dos Santos <riramar () gmail com>
Date: Tue, 8 Apr 2014 13:51:58 -0300
How about this one? http://filippo.io/Heartbleed/ On Tue, Apr 8, 2014 at 8:59 AM, Jann Horn <jann () thejh net> wrote:
On Tue, Apr 08, 2014 at 10:23:26AM +0200, Joerg Mertin wrote:Ubuntu already has released: http://www.ubuntu.com/usn/usn-2165-1/ My server updated during the night :}Make sure that it actually worked! I did this after updating my debian server: root@thejh:/home/jann# for pid in $(grep -F '/usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)' /proc/*/maps | cut -d/ -f3 | sort -u); do cat /proc/$pid/cmdline | tr '\0' ' '; echo; done /usr/lib/erlang/erts-5.9.1/bin/beam -Bd -K true -A 4 -- -root /usr/lib/erlang -progname erl -- -home /var/lib/couchdb -- -noshell -noinput -os_mon start_memsup false start_cpu_sup false disk_space_check_interval 1 disk_almost_full_threshold 1 -sasl errlog_type error -couch_ini /etc/couchdb/default.ini /etc/couchdb/local.ini /etc/couchdb/default.ini /etc/couchdb/local.ini -s couch -pidfile /var/run/couchdb/couchdb.pid -heart /usr/bin/couchjs /usr/share/couchdb/server/main.js /usr/bin/couchjs /usr/share/couchdb/server/main.js /usr/bin/stunnel4 /etc/stunnel/stunnel.conf /usr/bin/stunnel4 /etc/stunnel/stunnel.conf /usr/bin/stunnel4 /etc/stunnel/stunnel.conf /usr/bin/stunnel4 /etc/stunnel/stunnel.conf /usr/bin/stunnel4 /etc/stunnel/stunnel.conf /usr/bin/stunnel4 /etc/stunnel/stunnel.conf /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start /usr/bin/python /var/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s /usr/bin/python /var/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s /usr/bin/python /var/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s /usr/bin/python /var/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s /usr/bin/python /var/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s /usr/bin/python /var/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s /usr/bin/python /var/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s /usr/bin/python /var/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf /usr/lib/postfix/master /usr/sbin/vsftpd /usr/bin/znc -d /etc/znc pickup -l -t fifo -u -c anvil -l -t unix -u -c smtpd -n smtp -t inet -u -c -o stress= -s 2 irssi /usr/sbin/openvpn --writepid /var/run/openvpn.tun0.pid --daemon ovpn-tun0 --cd /etc/openvpn --config /etc/openvpn/tun0.conf qmgr -l -t fifo -u tlsmgr -l -t unix -u -c So, yeah, it did replace the library file, but stunnel, couchdb, lighttpd, postfix, vsftpd and so on are still using the old version. You have to manually restart those services... :D _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Re: heartbleed OpenSSL bug CVE-2014-0160, (continued)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Carlos P (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 David H (Apr 08)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Matthew Musingo (Apr 08)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Craig Holmes (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Michal Zalewski (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Menso Heus (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Txalin (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Pål Nilsen (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Reindl Harald (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Pål Nilsen (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Ricardo Iramar dos Santos (Apr 08)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Nik Mitev (Apr 08)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Chris Schmidt (Apr 08)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Jann Horn (Apr 08)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Tim Schütt (Apr 08)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Rob van der Putten (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Walt Williams (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Brandon Vincent (Student) (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Carlos P (Apr 11)