[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opensuse-security] Patched, but still vulnerable



On Fri, Apr 11, 2014 at 08:18:55AM -0400, James Rome wrote:
> I have applied all patched to my OpenSUSE 13.1 server and restarted
> Apache, but https://www.ssllabs.com/ssltest/analyze.html says I am still
> vulnerable to heartbleed. What else must I do?

check with "zypper ps" if there are processes active that still use
the old libssl.

Check with 
rpm -q libopenssl1_0_0 --changelog|less
if the fix is in the rpm. (CVE-2014-0160)

Ciao, Marcus
-- 
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx