[GemStone-Smalltalk] Heartbleed OpenSSL bug patch for GemStone

Steve Rawley steve.rawley at gemtalksystems.com
Wed Apr 9 16:17:01 PDT 2014


Dear GemStone Customers,

The OpenSSL cryptographic library, used by GemStone/S 64 Bit (version
3.0.0 and later only) for RPC session logins (client-to-gem
connections), has a critical security bug that potentially allows
private memory to be exposed to third parties.

More information on this bug can be found at:

http://heartbleed.com/

This bug has been fixed in OpenSSL version 1.0.1g. GemStone uses
OpenSSL as a shared library which can be replaced with minimal
disruption.

Download the libraries corresponding to your GemStone platform from:

http://downloads.gemtalksystems.com/pub/openssl-1.0.1g

There are two versions for most platforms, 32-bit and 64-bit. These
libraries  replace the SSL libraries shipped in $GEMSTONE/lib and
$GEMSTONE/lib32  (%GEMSTONE%\bin on Windows). The libraries on the
download site are named  for version 3.1.0.5; if you are patching an
older version of GemStone, rename them to match the existing SSL
libraries in $GEMSTONE/lib and $GEMSTONE/lib32.

We will publish a bug note with this information soon. No action is
necessary for versions of the 64-bit product prior to 3.0.0 or any
32-bit GemStone/S version; these versions do not use OpenSSL.

Please contact GemTalk customer support if you have any questions
about this patch.

Thank you,
Steve Rawley


More information about the GemStone-Smalltalk mailing list