Hi, I have tried upgrading openssl on our system vms(deployed using latest template), the version is still OpenSSL 1.0.1e
Seems like apt does not have the binary of latest OpenSSL, may be we need to compile the library from latest OpenSSL source(OpenSSL 1.0.1g) and use that build in our systemvm template. root@v-2-VM:~# apt-get update ... root@v-2-VM:~# apt-get install openssl Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be upgraded: openssl 1 upgraded, 0 newly installed, 0 to remove and 4 not upgraded. Need to get 700 kB of archives. After this operation, 0 B of additional disk space will be used. Get:1 http://security.debian.org/ wheezy/updates/main openssl amd64 1.0.1e-2+deb7u6 [700 kB] Fetched 700 kB in 0s (1,559 kB/s) (Reading database ... 26260 files and directories currently installed.) Preparing to replace openssl 1.0.1e-2+deb7u4 (using .../openssl_1.0.1e-2+deb7u6_amd64.deb) ... Unpacking replacement openssl ... Processing triggers for man-db ... Setting up openssl (1.0.1e-2+deb7u6) ... root@v-2-VM:~# openssl version OpenSSL 1.0.1e 11 Feb 2013 -Harikrishna On 09-Apr-2014, at 4:34 pm, Abhinandan Prateek <abhinandan.prat...@citrix.com> wrote: > Latest jenkins build template have openSSL version 1.0.1e, the version > that is compromised. > > On 09/04/14 2:30 pm, "Nux!" <n...@li.nux.ro> wrote: > >> On 09.04.2014 06:55, John Kinsella wrote: >>> Just put up a blog post with mitigation instructions [1]. If anybody >>> has any issues with this, please let us know and we¹ll help/update as >>> appropriate. >>> >>> We¹re working on new SystemVM images, but that¹s going to take us a >>> few days. >> >> For those who run 4.3 aren't these good enough? >> http://jenkins.buildacloud.org/view/4.3/job/cloudstack-4.3-systemvm/ >> >> Also, what is the procedure of replacing the System VMs and templates >> where there's no actual "upgrade" involved? >> >> Lucian >> >> -- >> Sent from the Delta quadrant using Borg technology! >> >> Nux! >> www.nux.ro >
