Comment by M4v3R
12 years ago
Ok, anyone could assist me on how to update openssl without breaking anything? I've fetched newest sources from openssl.org and compiled them, but "make install" doesn't actually install it, it only got compiled, but issuing "openssl version" still gives me the old version.
What I want to do is to patch it so our webserver uses new version.
I would tread lightly here if you aren't comfortable with compiling. Rather than break your website, it might be better to take it down until your distro's packages are available.
You should probably spend your time investigating a good method of reissuing keys for when you get to a stable OpenSSL version.
Some apps have OpenSSL statically compiled into the binaries. Beware that what you think is fixed may not be.
Well, I'm not really in position of taking the whole service down at this moment, I would really like to have a way to patch it instead.
Depending on the distro on which you're based, you may find that making a new package from a source package (e.g. srpm) would be the safest route even if you're in a hurry.
If you're on Ubuntu, it would appear at least the updated base (OpenSSL itself) packages are now in the repos.
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-20...
1 reply →