06.06.2014 14:51

Hinweis für Debian-Benutzer bei OpenSSL Upgrade

Again, Openssl was the centre of patching in the last two days. While Debian was quick to release a patched version, it seems like Debian forgot to restart some services which link against openssl (libssl) get restarted.

Here is how you can check with services use which version of openssl:

root@hostname:~# lsof +c 0 | grep -w DEL | awk '1 { print $1 ": " $NF }' | grep libssl | sort -u

(...) freeradius: /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 openvpn: /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 python: /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0

 

Next, you'll need to compare this list of programs against running services, for example:

root@host:~# ps auxww | grep python
root 1960 0.0 7.2 65392 17956 ? S Jun03 1:11 python /usr/sbin/denyhosts --daemon --purge --config=/etc/denyhosts.conf

And finally restart these services again:

root@host:~# /etc/init.d/denyhosts restart
[ ok ] Stopping DenyHosts: denyhosts.
[ ok ] Starting DenyHosts: denyhosts.

Autor: L. Aaron Kaplan