From: Harikrishna Patnala
Reply-To: dev@cloudstack.apache.org
Subject: Re: OpenSSL vunerability (bleedheart)
Date: Wed, 9 Apr 2014 11:20:51 +0000
Message-ID: <5DB98AD7-DB0D-48AC-9BBD-D8A00CAC9537@citrix.com>

Hi,

I have tried upgrading openssl on our system vms (deployed using latest template), the version is still OpenSSL 1.0.1e.

Seems like apt does not have the binary of latest OpenSSL, maybe we need to compile the library from latest OpenSSL source (OpenSSL 1.0.1g) and use that build in our systemvm template.

root@v-2-VM:~# apt-get update
...
root@v-2-VM:~# apt-get install openssl
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
  openssl
1 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
Need to get 700 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://security.debian.org/ wheezy/updates/main openssl amd64 1.0.1e-2+deb7u6 [700 kB]
Fetched 700 kB in 0s (1,559 kB/s)
(Reading database ... 26260 files and directories currently installed.)
Preparing to replace openssl 1.0.1e-2+deb7u4 (using .../openssl_1.0.1e-2+deb7u6_amd64.deb) ...
Unpacking replacement openssl ...
Processing triggers for man-db ...
Setting up openssl (1.0.1e-2+deb7u6) ...
root@v-2-VM:~# openssl version
OpenSSL 1.0.1e 11 Feb 2013

-Harikrishna

On 09-Apr-2014, at 4:34 pm, Abhinandan Prateek wrote:

> Latest jenkins build template have openSSL version 1.0.1e, the version
> that is compromised.
>
> On 09/04/14 2:30 pm, "Nux!" wrote:
>
>> On 09.04.2014 06:55, John Kinsella wrote:
>>> Just put up a blog post with mitigation instructions [1]. If anybody
>>> has any issues with this, please let us know and we'll help/update as
>>> appropriate.
>>>
>>> We're working on new SystemVM images, but that's going to take us a
>>> few days.
>>
>> For those who run 4.3 aren't these good enough?
>> http://jenkins.buildacloud.org/view/4.3/job/cloudstack-4.3-systemvm/
>>
>> Also, what is the procedure of replacing the System VMs and templates
>> where there's no actual "upgrade" involved?
>>
>> Lucian
>>
>> --
>> Sent from the Delta quadrant using Borg technology!
>>
>> Nux!
>> www.nux.ro
>
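In the apt transcript above, the package moves from 1.0.1e-2+deb7u4 to 1.0.1e-2+deb7u6 while `openssl version` keeps printing 1.0.1e, because that command reports only the upstream part of the version and Debian ships security fixes as new package revisions of the same upstream release. The following is an added example, not part of the original thread: it splits a Debian version string into its parts and classifies an upgrade, so the value to compare against the distribution's security advisory is the full package version. The function names and the 1.0.1g-1 sample are constructed for illustration.

```shell
#!/bin/sh
# Added example. Debian version format: [epoch:]upstream[-revision]
# The revision is everything after the LAST hyphen.
# On a live system the installed version comes from:
#   dpkg-query -W -f='${Version}\n' openssl

deb_epoch() {
    case "$1" in
        *:*) printf '%s\n' "${1%%:*}" ;;
        *)   printf '0\n' ;;            # no epoch given means epoch 0
    esac
}

deb_upstream() {
    v=${1#*:}                           # drop the epoch if present
    case "$v" in
        *-*) printf '%s\n' "${v%-*}" ;; # cut at the last hyphen
        *)   printf '%s\n' "$v" ;;
    esac
}

deb_revision() {
    v=${1#*:}
    case "$v" in
        *-*) printf '%s\n' "${v##*-}" ;;
        *)   printf '\n' ;;             # native package, no revision
    esac
}

# classify_upgrade OLD NEW
# prints: unchanged | revision-only | upstream-changed
classify_upgrade() {
    if [ "$1" = "$2" ]; then
        echo unchanged
    elif [ "$(deb_epoch "$1")" = "$(deb_epoch "$2")" ] &&
         [ "$(deb_upstream "$1")" = "$(deb_upstream "$2")" ]; then
        echo revision-only
    else
        echo upstream-changed
    fi
}

# Versions taken from the transcript in the message above.
old='1.0.1e-2+deb7u4'
new='1.0.1e-2+deb7u6'
echo "upstream (what 'openssl version' shows): $(deb_upstream "$new")"
echo "package revision: $(deb_revision "$new")"
echo "upgrade type: $(classify_upgrade "$old" "$new")"
```

A `revision-only` result means the upstream version string alone cannot tell whether a fix is present; compare the full package version with the fixed version named in the distribution's advisory.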