Serious OpenSSL bug renders websites wide open

  • Tony McCormick

    Tony McCormick - 2014-04-08

    It may be a day or two before binary package is available for automatic upgrade. You can compile from source if you have the tools for that installed first.

  • Brady Miller

    Brady Miller - 2014-04-08

    Appliance is no longer supported (note there is no 4.1.2 OpenEMR Appliance).

  • Brady Miller

    Brady Miller - 2014-04-08

    It's a bit ironic, but according to the above link, since the OpenEMR Appliance is using an old ubuntu version (8.04) which uses openssl version 0.9.8, it is not vulnerable to this.

  • Kevin Yeh

    Kevin Yeh - 2014-04-08

    Binary upgrades are available for ubuntu

    after upgrading, though openssl version still reports version 1.0.1e on my system.

    However "openssl version -a"

    OpenSSL 1.0.1e 11 Feb 2013
    built on: Mon Apr 7 20:33:19 UTC 2014
    platform: debian-amd64
    options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
    OPENSSLDIR: "/usr/lib/ssl"

    Reports "built on Apr 7 ...2014"
    Where as an "un-upgraded" system reports a July 2013 build date.

  • Stephen Waite

    Stephen Waite - 2014-04-08

    thanks Tony, Brady, and Kevin

  • Paul Williams

    Paul Williams - 2014-04-16

    ALthough none of the openssl.exe files have embedded header data to display a version number, our XAMPP installation does certainly have two different versions of the OpenSSL executable. The second instance, located in xampp\php\extras\openssl seems to be missing support files. It's showing a later creation date, but if I had to bet, I'd guess that at 323,584 bytes it is an older version than the 346,112 byte version 0.9.8y found in xampp\apache\bin.

  • Brady Miller

    Brady Miller - 2014-04-17

    Hi Paul,
    Which version of xampp are you using, note the link above show you how to check which openssl version is being used. If you are using xampp 1.8.2, would be very helpful for the openemr community to know what openssh version is being shown.

  • epsdky

    epsdky - 2014-04-17

    In XAMPP 1.8.0 for windows, an OpenSSL version of 1.0.1c is reported from the instance in xampp/apache/bin and from the phpinfo() link on localhost/xampp.

    Last edit: epsdky 2014-04-17

Log in to post a comment.