On Fri, May 16, 2014 at 03:52:36PM +0300, Rani Ahmed wrote:
I have from Debian wheezy repository : OpenSSL 1.0.1*e* as a binary package. Already installed on the normal location /usr/lib. => Heartbleed bug.
Debian's openssl 1.0.1e packaged has been patched, so it's not vulnerable if you're up-to-date with the latest package. They, like other distributions, annoyingly don't update the version number. So you have to set
allow_vulnerable_openssl = yes
If you build FR from source as a package, this is all sorted for you - the allow_vulnerable_openssl is automatically set, because the built backage will depend on the correct (patched) version of openssl. Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>