[Glass] Heartbleed OpenSSL bug patch for GemStone
Steve Rawley
steve.rawley at gemtalksystems.com
Thu Apr 10 10:06:14 PDT 2014
Hi Paul,
Technically the stone does not need to be shut down; stopping all
sessions should be sufficient. The library is only loaded by GCI
clients (e.g. topaz) and gems. It is also used in hot standby systems,
so these would also need to be stopped. Administrative gems present
when stone starts (GC gems, symbol gem) do not load this library.
However, to make entirely certain all sessions are shut down, it is
probably a good idea to shut down the stone before replacing the
library.
Steve
On Wed, Apr 9, 2014 at 6:13 PM, Paul DeBruicker <pdebruic at gmail.com> wrote:
> Hi Steve,
>
>
> Does the stone need to be shut down to apply these patches?
>
>
> thanks
>
> Paul
>
>
>
>
> Steve Rawley-2 wrote
>> Dear GemStone Customers,
>>
>> The OpenSSL cryptographic library, used by GemStone/S 64 Bit (version
>> 3.0.0 and later only) for RPC session logins (client-to-gem
>> connections), has a critical security bug that potentially allows
>> private memory to be exposed to third parties.
>>
>> More information on this bug can be found at:
>>
>> http://heartbleed.com/
>>
>> This bug has been fixed in OpenSSL version 1.0.1g. GemStone uses
>> OpenSSL as a shared library which can be replaced with minimal
>> disruption.
>>
>> Download the libraries corresponding to your GemStone platform from:
>>
>> http://downloads.gemtalksystems.com/pub/openssl-1.0.1g
>>
>> There are two versions for most platforms, 32-bit and 64-bit. These
>> libraries replace the SSL libraries shipped in $GEMSTONE/lib and
>> $GEMSTONE/lib32 (%GEMSTONE%\bin on Windows). The libraries on the
>> download site are named for version 3.1.0.5; if you are patching an
>> older version of GemStone, rename them to match the existing SSL
>> libraries in $GEMSTONE/lib and $GEMSTONE/lib32.
>>
>> We will publish a bug note with this information soon. No action is
>> necessary for versions of the 64-bit product prior to 3.0.0 or any
>> 32-bit GemStone/S version; these versions do not use OpenSSL.
>>
>> Please contact GemTalk customer support if you have any questions
>> about this patch.
>>
>> Thank you,
>> Steve Rawley
>> _______________________________________________
>> Glass mailing list
>
>> Glass at .gemtalksystems
>
>> http://lists.gemtalksystems.com/mailman/listinfo/glass
>
>
>
>
>
> --
> View this message in context: http://forum.world.st/Glass-Heartbleed-OpenSSL-bug-patch-for-GemStone-tp4753767p4753782.html
> Sent from the GLASS mailing list archive at Nabble.com.
> _______________________________________________
> Glass mailing list
> Glass at lists.gemtalksystems.com
> http://lists.gemtalksystems.com/mailman/listinfo/glass
More information about the Glass
mailing list