All Questions
Tagged with openssl heartbleed
32
questions
9
votes
2
answers
4k
views
How to install a vulnerable version of OpenSSL on a Linux server?
I'd like to compile and install a Heartbleed-vulnerable OpenSSL version on a server I'm setting up for a team web security challenge (since these are not available for install from Ubuntu's repository ...
0
votes
2
answers
358
views
Does Ubuntu 12.04LTS have the OpenSSL heartbleed fix?
Only OpenSSL 1.0.1f or later has the fix for the heartbleed exploit. So does Ubuntu 12.04LTS have the fix? We need to use 12.04LTS for reasons I won't go into, and we can't upgrade.
According to this ...
-1
votes
2
answers
991
views
Openssl upgrade from source [closed]
I have upgraded the openssl version on my server to the latest version of openssl but the libraries that the reverse proxy server is using is pointing to .
strings /usr/lib64/libssl.so.10 | grep "^...
0
votes
0
answers
180
views
Updating openssl to fix heartbleed bug tries to remove redis-server
I am trying to fix openssl heartbleed bug on my server. I read that I can update the openssl version with the following command:
sudo apt-get install openssl libssl1.0.0
But when i try to run this ...
6
votes
1
answer
5k
views
Why do I get different openssl versions?
I'm trying to check if I running the latest OpenSSL version, my main concern is the heartbleed bug.
I tried 2 commands:
openssl version
yum info openssl
openssl version output
OpenSSL 1.0.1e-...
0
votes
0
answers
30
views
Should I completely rebuild my server due to Heartbleed? [duplicate]
I have a CentOS 6.5 VPS server...
$ uname -a
Linux mary 3.14.4-x86_64-linode40 #1 SMP Tue May 13 12:25:05 EDT 2014 \
x86_64 x86_64 x86_64 GNU/Linux
When the news about the Heartbleed ...
-1
votes
1
answer
242
views
Heartbleed not fixed by Openssl and server upgrade
I have inherited a server in one of our Dev environments and found out straight away that it was not patched when the heartbleed was discovered.
Now, I've upgraded it - including all SSL libraries ...
4
votes
2
answers
7k
views
debian wheezy, heartbleed, openssl refuses to update
I am having a strange problem, my system is exposed to heartbleed, and I am trying to fix it by using:
apt-get clean,
apt-get update
and
apt-get upgrade openssl
but the response is:
Reading ...
0
votes
1
answer
668
views
apache taking old openssl libraries when doing apachectl graceful
Due to heartbleed vulnerability I have recompiled apache with non vulnerable latest openssl(I had to keep old vulnerable openssl due to some dependency problem). It is running fine and when doing ...
-4
votes
1
answer
136
views
Heartbleed: What if OpenSSL has been patched but SSL certs not yet rekeyed? [duplicate]
Does anyone know what entry point a hacker could have if a sever's OpenSSL has been patched but a site's SSL certs have not yet been rekeyed?
Thanks!
0
votes
2
answers
169
views
I have OpenSSL 1.0.1g but my site is still vulnerable?
I've updated my Ubuntu server to use OpenSSL 1.0.1g and when I run sudo openssl version -a I get OpenSSL 1.0.1g 7 Apr 2014
built on: Sat Apr 19 14:15:45 UTC 2014
platform: linux-elf
However, sites ...
2
votes
1
answer
147
views
Switch the SSL provider after Heartbleed bug instead of revoking
I have a question regarding the Heartbleed problem and the SSL certificates. About Heartbleed many people say that admins should revoke their certificates and get new ones. I got my SSL certs from ...
4
votes
2
answers
4k
views
Server still vulnerable to HeartBleed after Openssl update
On a Centos 6.5 Minimal install, I have compiled Apache, PHP, and rpm installed Percona.
After updating OpenSSL days ago, my site that uses SSL on this server is vulnerable to Heartbleed somehow.
...
0
votes
2
answers
318
views
Openssl heartbleed update not working with compiled Apache 2.4.7
We are still having heartbleed issues with one of our servers. We did the update with yum and restarted apache and any service that was using the vulnerable version of openssl. When we test our site ...
-1
votes
2
answers
535
views
Upgrade to secure openssl fails
Upgrade to secure openssl fails
Method:
have in /etc/apt/sources.list:
deb http://security.debian.org/ wheezy/updates main contrib non-free
Then do:
apt-get update
apt-cache policy openssl
apt-...