Re: Heartbleed bug? [message #185542 is a reply to message #185535] Thu, 10 April 2014 11:53
Jerry Stuckle

On 4/9/2014 6:11 PM, M. Strobel wrote:
> Am 09.04.2014 19:38, schrieb Jerry Stuckle:
>> On 4/9/2014 11:56 AM, Robert Heller wrote:
>>> At Wed, 09 Apr 2014 11:21:51 -0400 Jerry Stuckle <jstucklex(at)attglobal(dot)net> wrote:
>>>
>>>>
>>>> On 4/9/2014 9:56 AM, Robert Heller wrote:
>>>> > At Wed, 09 Apr 2014 09:17:46 -0400 Jerry Stuckle <jstucklex(at)attglobal(dot)net> wrote:
>>>> >
>>>> >>
>>>> >> On 4/9/2014 8:24 AM, Kevin Burton wrote:
>>>> >>> Anyone know how this bug http://heartbleed.com/ affects PHP when the extension
>>>> >>> is enabled? Is there a patch for the extension?
>>>> >>>
>>>> >>
>>>> >> You need to be asking the OpenSSL people what products their bug affects.
>>>> >
>>>> > Since this is a shared library on a typical Linux system (e.g. LAMP server), it
>>>> > will affect any program that links with OpenSSL's library(-ies). I know that
>>>> > at least the CentOS user group is talking about it and I am sure RedHat is
>>>> > also looking at it. (A large number of LAMP servers run CentOS.)
>>>> >
>>>> >>
>>>> >
>>>>
>>>> That may or may not be. It depends on exactly what the problem is - or
>>>> exactly what it affects. From the description on the website, I can't
>>>> tell. Can you?
>>>>
>>>> Obviously, though, those who know the code would know exactly what it
>>>> affects.
>>>>
>>>> A bug in a program does not necessarily affect everything that touches
>>>> that program!
>>>
>>> According to the CentOS mailing list, a patched version of the openssl
>>> libraries was released yesterday. Only one version of CentOS (and I guess
>>> RHEL) was affected: 6.5. The patched version of the openssl fixes that (one
>>> also needs to remake certificates (with new private keys!) and revoke the old
>>> ones). CentOS 5 and CentOS 6.4 and earlier were NOT affected. In *my* case
>>> (deepsoft.com) since I run CentOS 5, *my* server is not affected. It is my
>>> understanding that a *large* number of LAMP webservers are running some
>>> version of CentOS. I presume that the system admins of the affected systems
>>> are on the CentOS mailing list and are on top of things.
>>>
>>>>
>>>>
>>>
>>
>> That may be. But it still doesn't answer your original question as to how (or even
>> if) it affects PHP.
>>
>
> In German we call this "bug" a "GAU", that means "Maximum Credible Accident". You'd
> better *make sure* you are not affected. Starting point: you are.
>
> There seem to be "just a few versions" of openssl affected, but for those who are it
> is a GAU.
>
> /Str.
>

How do you know I am affected? Do you know my code? What PHP functions
it affects?

--
==================
Remove the "x" from my email address
Jerry Stuckle
jstucklex(at)attglobal(dot)net
==================
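
Added example, not part of the original thread: one way to check the point quoted above, that a shared-library bug reaches any program that loads OpenSSL, is to list which running processes (a PHP or Apache worker included) have libssl or libcrypto mapped. It goes slightly beyond the thread by also flagging a library file that was replaced on disk after the process started, which on Linux means the process keeps the old copy until it is restarted; the function names and the sample maps text are constructed for illustration.

```python
import os
import re

# Matches the OpenSSL shared objects by file name, e.g. libssl.so.10
OPENSSL_LIB = re.compile(r"/(libssl|libcrypto)\.so[^/\s]*")

def openssl_mappings(maps_text):
    """Return {path: replaced_on_disk} for OpenSSL libraries in /proc/<pid>/maps text."""
    found = {}
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # address perms offset dev inode pathname
        if len(fields) < 6:
            continue                  # anonymous mapping, no backing file
        path = fields[5].strip()
        deleted = path.endswith(" (deleted)")
        if deleted:
            path = path[: -len(" (deleted)")]
        if OPENSSL_LIB.search(path):
            found[path] = found.get(path, False) or deleted
    return found

def scan_processes(proc_root="/proc"):
    """Yield (pid, name, mappings) for each readable process that maps OpenSSL."""
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                mappings = openssl_mappings(fh.read())
            with open(os.path.join(proc_root, entry, "comm")) as fh:
                name = fh.read().strip()
        except OSError:
            continue                  # process exited or permission denied
        if mappings:
            yield int(entry), name, mappings

# Constructed sample: a web server worker started before the library was updated.
SAMPLE_MAPS = """\
7f3a1c000000-7f3a1c05e000 r-xp 00000000 fd:00 131 /usr/lib64/libssl.so.10 (deleted)
7f3a1c400000-7f3a1c5b5000 r-xp 00000000 fd:00 132 /usr/lib64/libcrypto.so.10 (deleted)
7f3a1d000000-7f3a1d18a000 r-xp 00000000 fd:00 140 /lib64/libc-2.12.so
7f3a1e000000-7f3a1e021000 rw-p 00000000 00:00 0
"""

if __name__ == "__main__":
    for pid, name, mappings in scan_processes():
        for path, stale in mappings.items():
            state = "replaced on disk, restart needed" if stale else "current file"
            print(pid, name, path, state)
```

Run it as root to see every process; an unprivileged run only reports the processes it is allowed to read.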