[Glass] Heartbleed OpenSSL bug patch for GemStone
Paul DeBruicker
pdebruic at gmail.com
Wed Apr 9 18:13:56 PDT 2014
Hi Steve,
Does the stone need to be shut down to apply these patches?
thanks
Paul
Steve Rawley-2 wrote
> Dear GemStone Customers,
>
> The OpenSSL cryptographic library, used by GemStone/S 64 Bit (version
> 3.0.0 and later only) for RPC session logins (client-to-gem
> connections), has a critical security bug that potentially allows
> private memory to be exposed to third parties.
>
> More information on this bug can be found at:
>
> http://heartbleed.com/
>
> This bug has been fixed in OpenSSL version 1.0.1g. GemStone uses
> OpenSSL as a shared library which can be replaced with minimal
> disruption.
>
> Download the libraries corresponding to your GemStone platform from:
>
> http://downloads.gemtalksystems.com/pub/openssl-1.0.1g
>
> There are two versions for most platforms, 32-bit and 64-bit. These
> libraries replace the SSL libraries shipped in $GEMSTONE/lib and
> $GEMSTONE/lib32 (%GEMSTONE%\bin on Windows). The libraries on the
> download site are named for version 3.1.0.5; if you are patching an
> older version of GemStone, rename them to match the existing SSL
> libraries in $GEMSTONE/lib and $GEMSTONE/lib32.
>
> We will publish a bug note with this information soon. No action is
> necessary for versions of the 64-bit product prior to 3.0.0 or any
> 32-bit GemStone/S version; these versions do not use OpenSSL.
>
> Please contact GemTalk customer support if you have any questions
> about this patch.
>
> Thank you,
> Steve Rawley
> _______________________________________________
> Glass mailing list
> Glass at .gemtalksystems
> http://lists.gemtalksystems.com/mailman/listinfo/glass
--
View this message in context: http://forum.world.st/Glass-Heartbleed-OpenSSL-bug-patch-for-GemStone-tp4753767p4753782.html
Sent from the GLASS mailing list archive at Nabble.com.
More information about the Glass
mailing list