[Glass] Heartbleed OpenSSL bug patch for GemStone
Steve Rawley
steve.rawley at gemtalksystems.com
Wed Apr 9 16:18:57 PDT 2014
Dear GemStone Customers,
The OpenSSL cryptographic library, used by GemStone/S 64 Bit (version
3.0.0 and later only) for RPC session logins (client-to-gem
connections), has a critical security bug that potentially allows
private memory to be exposed to third parties.
More information on this bug can be found at:
http://heartbleed.com/
This bug has been fixed in OpenSSL version 1.0.1g. GemStone uses
OpenSSL as a shared library which can be replaced with minimal
disruption.
Download the libraries corresponding to your GemStone platform from:
http://downloads.gemtalksystems.com/pub/openssl-1.0.1g
There are two versions for most platforms, 32-bit and 64-bit. These
libraries replace the SSL libraries shipped in $GEMSTONE/lib and
$GEMSTONE/lib32 (%GEMSTONE%\bin on Windows). The libraries on the
download site are named for version 3.1.0.5; if you are patching an
older version of GemStone, rename them to match the existing SSL
libraries in $GEMSTONE/lib and $GEMSTONE/lib32.
We will publish a bug note with this information soon. No action is
necessary for versions of the 64-bit product prior to 3.0.0 or any
32-bit GemStone/S version; these versions do not use OpenSSL.
Please contact GemTalk customer support if you have any questions
about this patch.
Thank you,
Steve Rawley
More information about the Glass
mailing list