[Slackbuilds-users] Cauterizing heartbleed (CVE-2014-0160)

mancha mancha1 at hush.com
Fri Apr 11 18:34:44 UTC 2014

Willy Sudiarto Raharjo <willysr at ...> writes:
> I just ran a quick git grep "openssl" and came up with this list

Heartbleed is serious enough that responsible vulnerability management
requires some human work (preferably by either the package maintainer
or a user very familiar with the package's innards). Your git grep
helps a bit but is not enough.

For example, SBo offers a libreoffice [1] that needs to be upgraded
because it bundles a vulnerable OpenSSL [2] yet it's not in your list.

> Most of the scripts above are compiled using a dynamic linking against
> OpenSSL, but it won't hurt to simply rebuilt them if you use them
> against the latest OpenSSL available on Slackware 14.0, 14.1, and
> -Current

If we're sure the linking is dynamic then re-compilation is not needed.



[1] http://slackbuilds.org/repository/14.1/office/libreoffice/
[2] https://www.libreoffice.org/about-us/security/advisories/cve-2014-0160/

More information about the SlackBuilds-users mailing list