Solved

Implication of applying patch / renew SSL cert on non-vulnerable Heart-Bleed OpenSSL versions

Posted on 2014-04-21
2
444 Views
Last Modified: 2014-04-22
The vulnerable versions are 1.0.1 to 1.0.1f

I have 1.0.1g & 0.9.8 (& its branch versions)
as well asl 0.9.7d

Q1:
0.9.7d was not indicated as vulnerable or non-vul but I'm inclined to believe
it's not as the Heartbleed vulnerability appears to start to surface starting
from 1.0.1 (sort of coding flaw started at that time): is this assumption right?

Q2:
if a colleague accidentally applied patches on non-vulnerable versions,
what's the implication?  Or does it allow the patch in RHES/Solaris x86/
SuSE Linux to go through?  I don't have access to Linux to test this out.
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 250 total points
ID: 40014157
the "patch" should just be an upgrade to 1.0.1g - there WAS a temp patch which recompiled openssl (from source) with the flag OPENSSL_NO_HEARTBEATS asserted - if you recompile openssl with an unrecognised flag, it is just ignored.

So in either case, there is no significant impact (although going to the latest stable is rarely a bad thing :)
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 250 total points
ID: 40014246
A1: still you have to patch such an old version for other vulnerabilities
A2: Just that those old versions got less other vulnerabilities.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question