FUDforum: comp.lang.php » Heartbleed bug?

Home » Imported messages » comp.lang.php » Heartbleed bug?

Show: Today's Messages :: Polls :: Message Navigator

Re: Heartbleed bug? [message #185530 is a reply to message #185528]

Wed, 09 April 2014 15:56

Robert Heller
Messages: 60
Registered: December 2010

Karma:

Member

At Wed, 09 Apr 2014 11:21:51 -0400 Jerry Stuckle <jstucklex(at)attglobal(dot)net> wrote:

>
> On 4/9/2014 9:56 AM, Robert Heller wrote:
>> At Wed, 09 Apr 2014 09:17:46 -0400 Jerry Stuckle <jstucklex(at)attglobal(dot)net> wrote:
>>
>>>
>>> On 4/9/2014 8:24 AM, Kevin Burton wrote:
>>>> Anyone know how this bug http://heartbleed.com/ affects PHP when the extension is enabled? Is there a patch for the extension?
>>>>
>>>
>>> You need to be asking the OpenSSL people what products their bug affects.
>>
>> Since this is a shared library on a typical Linux system (eg LAMP server), it
>> will affect any program that links with OpenSSL's library(-ies). I know that
>> at least the CentOS user group is talking about it and I am sure RedHat is
>> also looking at it. (A large number of LAMP servers run CentOS.)
>>
>>>
>>
>
> That may or may not be. It depends on exactly what the problem is - or
> exactly what it affects. From the description on the website, I can't
> tell. Can you?
>
> Obviously, though, those who know the code would know exactly what it
> affects.
>
> A bug in a program does not necessarily affect everything that touches
> that program!

According to the CentOS mailing list, a patched version of the openssl
libraries was released yesterday. Only one version of CentOS (and I guess
RHEL) were affected: 6.5. The patched version of the openssl fixes that (one
also needs to remake certificates (with new private keys!) and revoke the old
ones. CentOS 5 and CentOS 6.4 and earlier were NOT affected. In *my* case
(deepsoft.com) since I run CentOS 5, *my* server is not affected. It is my
understanding that a *large* number of LAMP webservers are running some
version of CentOS. I presume that the system admins of the affected systems
are on the CentOS mailing list and are on top of things.

>
>

--
Robert Heller -- 978-544-6933 / heller(at)deepsoft(dot)com
Deepwoods Software -- http://www.deepsoft.com/
() ascii ribbon campaign -- against html e-mail
/\ www.asciiribbon.org -- against proprietary attachments

Report message to a moderator

[Message index]

		Heartbleed bug? By: Kevin Burton on Wed, 09 April 2014 12:24
		Re: Heartbleed bug? By: Jerry Stuckle on Wed, 09 April 2014 13:17
		Re: Heartbleed bug? By: Robert Heller on Wed, 09 April 2014 13:56
		Re: Heartbleed bug? By: Jerry Stuckle on Wed, 09 April 2014 15:21
		Re: Heartbleed bug? By: Christoph Michael Bec on Wed, 09 April 2014 15:43
		Re: Heartbleed bug? By: Jerry Stuckle on Wed, 09 April 2014 17:37
		Re: Heartbleed bug? By: Arno Welzel on Thu, 10 April 2014 06:51
		Re: Heartbleed bug? By: Jerry Stuckle on Thu, 10 April 2014 11:52
		Re: Heartbleed bug? By: Christoph Michael Bec on Thu, 10 April 2014 12:03
		Re: Heartbleed bug? By: Jerry Stuckle on Thu, 10 April 2014 16:36
		Re: Heartbleed bug? By: Denis McMahon on Thu, 10 April 2014 23:01
		Re: Heartbleed bug? By: The Natural Philosoph on Thu, 10 April 2014 23:47
		Re: Heartbleed bug? By: Eli the Bearded on Fri, 11 April 2014 00:38
		Re: Heartbleed bug? By: Jerry Stuckle on Fri, 11 April 2014 01:58
		Re: Heartbleed bug? By: Denis McMahon on Fri, 11 April 2014 02:59
		Re: Heartbleed bug? By: The Natural Philosoph on Fri, 11 April 2014 03:36
		Re: Heartbleed bug? By: Jerry Stuckle on Fri, 11 April 2014 16:08
		Re: Heartbleed bug? By: Arno Welzel on Thu, 10 April 2014 20:54
		Re: Heartbleed bug? By: Denis McMahon on Thu, 10 April 2014 22:45
		Re: Heartbleed bug? By: Arno Welzel on Fri, 11 April 2014 06:33
		Re: Heartbleed bug? By: Denis McMahon on Thu, 10 April 2014 15:47
		Re: Heartbleed bug? By: Robert Heller on Wed, 09 April 2014 15:56
		Re: Heartbleed bug? By: Jerry Stuckle on Wed, 09 April 2014 17:38
		Re: Heartbleed bug? By: M. Strobel on Wed, 09 April 2014 22:11
		Re: Heartbleed bug? By: Jerry Stuckle on Thu, 10 April 2014 11:53
		Re: Heartbleed bug? By: The Natural Philosoph on Wed, 09 April 2014 20:02
		Re: Heartbleed bug? By: Adam Harvey on Wed, 09 April 2014 23:43
		Re: Heartbleed bug? By: Eli the Bearded on Thu, 10 April 2014 00:01
		Re: Heartbleed bug? By: Arno Welzel on Thu, 10 April 2014 06:43
		Re: Heartbleed bug? By: Arno Welzel on Thu, 10 April 2014 06:57
		Re: Heartbleed bug? By: Denis McMahon on Thu, 10 April 2014 15:50
		Re: Heartbleed bug? By: The Natural Philosoph on Thu, 10 April 2014 18:37
		Re: Heartbleed bug? By: Arno Welzel on Thu, 10 April 2014 20:56
		Re: Heartbleed bug? By: M. Strobel on Thu, 10 April 2014 21:32
		Re: Heartbleed bug? By: Denis McMahon on Thu, 10 April 2014 23:14
		Re: Heartbleed bug? By: Arno Welzel on Fri, 11 April 2014 06:23
		Re: Heartbleed bug? By: Denis McMahon on Thu, 10 April 2014 15:42
		Re: Heartbleed bug? By: Arno Welzel on Fri, 11 April 2014 11:00

Previous Topic:	cURL and response code 302
Next Topic:	PHP Parse error: syntax error, unexpected '$sql' (T_VARIABLE) in

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Sep 27 12:31:35 GMT 2024

Total time taken to generate the page: 0.06581 seconds