[Glass] Heartbleed OpenSSL bug patch for GemStone

Paul DeBruicker pdebruic at gmail.com
Wed Apr 9 18:13:56 PDT 2014

Hi Steve,

Does the stone need to be shut down to apply these patches?



Steve Rawley-2 wrote
> Dear GemStone Customers,
> The OpenSSL cryptographic library, used by GemStone/S 64 Bit (version
> 3.0.0 and later only) for RPC session logins (client-to-gem
> connections), has a critical security bug that potentially allows
> private memory to be exposed to third parties.
> More information on this bug can be found at:
> http://heartbleed.com/
> This bug has been fixed in OpenSSL version 1.0.1g. GemStone uses
> OpenSSL as a shared library which can be replaced with minimal
> disruption.
> Download the libraries corresponding to your GemStone platform from:
> http://downloads.gemtalksystems.com/pub/openssl-1.0.1g
> There are two versions for most platforms, 32-bit and 64-bit. These
> libraries  replace the SSL libraries shipped in $GEMSTONE/lib and
> $GEMSTONE/lib32  (%GEMSTONE%\bin on Windows). The libraries on the
> download site are named  for version; if you are patching an
> older version of GemStone, rename them to match the existing SSL
> libraries in $GEMSTONE/lib and $GEMSTONE/lib32.
> We will publish a bug note with this information soon. No action is
> necessary for versions of the 64-bit product prior to 3.0.0 or any
> 32-bit GemStone/S version; these versions do not use OpenSSL.
> Please contact GemTalk customer support if you have any questions
> about this patch.
> Thank you,
> Steve Rawley
> _______________________________________________
> Glass mailing list

> Glass at .gemtalksystems

> http://lists.gemtalksystems.com/mailman/listinfo/glass

View this message in context: http://forum.world.st/Glass-Heartbleed-OpenSSL-bug-patch-for-GemStone-tp4753767p4753782.html
Sent from the GLASS mailing list archive at Nabble.com.

More information about the Glass mailing list