|
|
Updating Open SSL on Mountain Lion Server
|
|
|
|
Posting Junkie
Join Date: Mar 2004
Location: UK
Status:
Offline
|
|
I need to do this. Apple haven't patched a raft of vulnerabilities and I can't wait for them to get their act together.
Has anyone done this before? Is it going to cause me issues with future updates? Will all my services just happily play with the updated version?
|
I have plenty of more important things to do, if only I could bring myself to do them....
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Mar 2004
Location: UK
Status:
Offline
|
|
OK, so Apple have just patched it with an updated OpenSSL in 10.9.5 so I guess a patch for 10.8 will be out soon. Maybe I'll just wait a couple days.
|
I have plenty of more important things to do, if only I could bring myself to do them....
|
|
|
|
|
|
|
|
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status:
Offline
|
|
Apple has deprecated OpenSSL in Mac OS X. The version they ship, 0.9.8y, does not have the Heartbleed big, but it has other bugs, OpenSSL not being known for its fantastic code quality.
If the app you're running is building against the security framework in OS X that includes OpenSSL, it should have deprecated the OpenSSL code long ago. If it really wants OpenSSL specifically and it is one you compile yourself, you are probably best off installing a modern OpenSSL from a distribution manager and linking to that.
|
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Mar 2004
Location: UK
Status:
Offline
|
|
It was the built-in mail service on 10.8 Server! Apple patched it on Tuesday and the shipping version of OpenSSL on 10.8 and 10.9 is now 0.9.8za.
|
I have plenty of more important things to do, if only I could bring myself to do them....
|
|
|
|
|
|
|
|
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status:
Offline
|
|
So Apple's Server package links against libs they deprecated years ago?
|
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Mar 2004
Location: UK
Status:
Offline
|
|
Must do. This particular server is subject to regular scans for PCI DSS compliance. A vulnerability was discovered in OpenSSL and the next scan failed. I patched it and the scan is happy again. Something must be linking against it.
Wonder how long its going to take them to patch this Shellshock bug.
|
I have plenty of more important things to do, if only I could bring myself to do them....
|
|
|
|
|
|
|
|
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status:
Offline
|
|
The bash maintainers have to come up with a good patch first. From what I hear, the second patch attempt wasn't good enough either. Ironically, Apple made a special command line update just before Shellshock.
|
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
|
|
|
|
|
|
|
|
Moderator
Join Date: Aug 2001
Location: Nobletucky
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|