This is very relevant to all Linux installations...
http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
Brady, you'll need to update your appliance.
Debian Wheezy, Ubuntu 12.04.4 LTS, CentOS 6.5, Fedora 18, OpenBSD 5.3, FreeBSD 8.4, NetBSD 5.0.2 and OpenSUSE 12.2 are all listed as vulnerable to the Heartbleed bug.
Instructions for Ubuntu:
http://askubuntu.com/questions/444702/how-to-patch-cve-2014-0160-in-openssl
--Tony
www-mi-squared,com
It may be a day or two before a binary package is available for automatic upgrade. You can compile from source if you have the tools for that installed first.
Appliance is no longer supported (note there is no 4.1.2 OpenEMR Appliance).
-brady
http://heartbleed.com/ It's a pretty scary read ...
It's a bit ironic, but according to the above link, since the OpenEMR Appliance is using an old Ubuntu version (8.04) which uses OpenSSL version 0.9.8, it is not vulnerable to this.
-brady
Binary upgrades are available for Ubuntu:
http://www.ubuntu.com/usn/usn-2165-1/
After upgrading, though, "openssl version" still reports version 1.0.1e on my system.
However, "openssl version -a" reports "built on Apr 7 ...2014", whereas an "un-upgraded" system reports a July 2013 build date.
Thanks Tony, Brady, and Kevin.
FYI, here's a site to test for the vulnerability... http://filippo.io/Heartbleed/
The XAMPP package may also be vulnerable. Not sure what version it's currently built from.
https://www.apachefriends.org/blog/heartbleed-bug.html?ModPagespeed=noscript
It uses XAMPP 1.8.2, so it appears lucky again:
https://www.apachefriends.org/blog/heartbleed-bug.html
(search for 1.8.2 on that page where it states 1.8.2 is not vulnerable; somebody should verify this, though)
-brady
OpenEMR
Although none of the openssl.exe files have embedded header data to display a version number, our XAMPP installation does certainly have two different versions of the OpenSSL executable. The second instance, located in xampp\php\extras\openssl, seems to be missing support files. It's showing a later creation date, but if I had to bet, I'd guess that at 323,584 bytes it is an older version than the 346,112 byte version 0.9.8y found in xampp\apache\bin.
Hi Paul,
Which version of XAMPP are you using? Note the link above shows you how to check which OpenSSL version is being used. If you are using XAMPP 1.8.2, it would be very helpful for the OpenEMR community to know what openssh version is being shown.
-brady
OpenEMR
In XAMPP 1.8.0 for Windows, an OpenSSL version of 1.0.1c is reported from the instance in xampp/apache/bin and from the phpinfo() link on localhost/xampp.
Last edit: epsdky 2014-04-17
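The thread notes that a patched Ubuntu package still reports 1.0.1e and only the "built on" date changes. The script below is an added example (not from any poster or from OpenEMR) that classifies "openssl version -a" output with that in mind. The helper name classify_openssl, the sample outputs, and the use of April 7, 2014 as a build-date cutoff are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: classify `openssl version -a` output for Heartbleed (CVE-2014-0160).
# Upstream 1.0.1 through 1.0.1f (and 1.0.2-beta1) are affected; 0.9.8 and 1.0.0
# are not; 1.0.1g is fixed. A distro package can keep its old version string after
# a backported fix, so the "built on" date and compiler flags are read as well.

classify_openssl() {  # hypothetical helper; reads `openssl version -a` text on stdin
  awk '
    BEGIN { split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= 12; i++) mon[m[i]] = i }
    NR == 1 && $1 == "OpenSSL" { ver = $2 }
    /^built on:/ {
      # Expected shape: "built on: Mon Apr  7 20:33:29 UTC 2014" (year is last).
      for (i = 3; i < NF; i++) if (($i) in mon) { mo = mon[$i]; day = $(i + 1) + 0 }
      built = ($NF + 0) * 10000 + mo * 100 + day
    }
    /^compiler:/ && /-DOPENSSL_NO_HEARTBEATS/ { noheart = 1 }
    END {
      if (ver == "") { print "unknown"; exit }
      affected = (ver ~ /^1\.0\.1[a-f]?(-fips)?$/ || ver ~ /^1\.0\.2-beta1$/)
      if (!affected || noheart)   print "not-affected"
      else if (built >= 20140407) print "verify-package"  # maybe a backported fix
      else                        print "vulnerable"      # also when date is missing
    }'
}

# Constructed samples modeled on the reports in the thread (not captured output).
sample_patched()   { printf '%s\n' 'OpenSSL 1.0.1e 11 Feb 2013' \
                       'built on: Mon Apr  7 20:33:29 UTC 2014' 'compiler: cc -O2'; }
sample_unpatched() { printf '%s\n' 'OpenSSL 1.0.1e 11 Feb 2013' \
                       'built on: Tue Jul  2 10:15:00 UTC 2013' 'compiler: cc -O2'; }
sample_old()       { printf '%s\n' 'OpenSSL 0.9.8y 5 Feb 2013' \
                       'built on: Tue Feb  5 12:00:00 UTC 2013' 'compiler: cc -O2'; }

for s in sample_patched sample_unpatched sample_old; do
  printf '%s: %s\n' "$s" "$($s | classify_openssl)"
done
# On a live host: openssl version -a | classify_openssl
```

A "verify-package" result does not prove the fix is present; confirm the installed package version against the distribution's advisory (for Ubuntu, the USN-2165-1 notice linked above) and restart services that load the library.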