HEARTBLEED Bug Open SSL

Problems with the Linux version of XAMPP, questions, comments, and anything related.

HEARTBLEED Bug Open SSL

Postby rmueller1958 » 09. April 2014 15:53

is there a way to recompile OPENSSL and install into the Apache Friends structure?

NEED INFO!!
User avatar
rmueller1958
 
Posts: 11
Joined: 08. January 2004 20:09

Re: HEARTBLEED Bug Open SSL

Postby vicecapstix » 09. April 2014 16:02

Hello

I am also stuck, I have xampp for linux version 1.8.1 running openssl 1.0.1c and I need to fix the heart bleed vulnerability.
Any info would be great

Regards
vicecapstix
vicecapstix
 
Posts: 2
Joined: 09. April 2014 15:59
Operating System: Ubuntu 12.04

Re: HEARTBLEED Bug Open SSL

Postby iCeFrEsH » 10. April 2014 00:19

Same here. I am on XAMPP for Linux 1.8.2-2.
iCeFrEsH
 
Posts: 2
Joined: 05. July 2006 14:58

Re: HEARTBLEED Bug Open SSL

Postby kheng » 10. April 2014 05:31

you can try testing your site using:
http://filippo.io/Heartbleed/

although mine apparently didn't have any problems... nor did any of the sites listed as vulnerable on:
https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
kheng
 
Posts: 9
Joined: 16. April 2009 19:09
Location: Australia

Re: HEARTBLEED Bug Open SSL

Postby Papache » 10. April 2014 06:01

http://sourceforge.net/projects/xampp/files/security/2014-04%20Heartbleed/
Papache
 
Posts: 5
Joined: 09. April 2014 08:45
Operating System: Linux

Re: HEARTBLEED Bug Open SSL

Postby stateside » 10. April 2014 06:03

go to http://slproweb.com/products/Win32OpenSSL.html

If on windows, download and install the 32 bit on your machine.

copy the openssl.cnf (cfg? may need renamed) from the new installation \bin file to:
xampp\apache\conf\openssl.cnf

Copy the libeay32.dll, ssleay32.dll and openssl.exe from the new installation bin to:

xampp\apache\bin\libeay32.dll
xampp\apache\bin\ssleay32.dll
xampp\apache\bin\openssl.exe

Restart your server.

If all is good, go to control panel,add remove and remove the Win32OpenSSL.
stateside
 
Posts: 2
Joined: 10. April 2014 05:56
Operating System: Windows Server/Mac OSX/Linux

Re: HEARTBLEED Bug Open SSL

Postby stateside » 10. April 2014 06:40

Should also mention 1.0.1g and 1.8.3.
stateside
 
Posts: 2
Joined: 10. April 2014 05:56
Operating System: Windows Server/Mac OSX/Linux

Re: HEARTBLEED Bug Open SSL

Postby vicecapstix » 10. April 2014 07:48

Hello

Thanks for the responses, I have uploaded the files from source forge on my xampp 1.8.1 installation and all seem to running fine.

Regards
vicecapstix
vicecapstix
 
Posts: 2
Joined: 09. April 2014 15:59
Operating System: Ubuntu 12.04

Re: HEARTBLEED Bug Open SSL

Postby Beltran » 10. April 2014 10:09

We are working on releasing new versions and a fix to patch previous versions. We will publish the blog today.
User avatar
Beltran
Power-User
 
Posts: 108
Joined: 22. March 2013 12:29
Operating System: Windows, Linux, OS X

Re: HEARTBLEED Bug Open SSL

Postby Beltran » 10. April 2014 12:27

Hi,

We released new versions of XAMPP that fix this issue. This release addresses the important OpenSSL Heartbleed security issue. You can download new versions at http://www.apachefriends.org/download.html. We also released patches to fix the OpenSSL Heartbleed issue in previous installations at https://www.apachefriends.org/blog/heartbleed-bug.html.

v1.8.3-4

Updated OpenSSL to 1.0.1g
Updated Apache to 2.4.9
Updated PHP to 5.4.27
phpMyAdmin 4.1.12

v1.8.2-5

Updated OpenSSL to 1.0.1g
Updated Apache to 2.4.9
Updated PHP to 5.5.11
phpMyAdmin 4.1.12
User avatar
Beltran
Power-User
 
Posts: 108
Joined: 22. March 2013 12:29
Operating System: Windows, Linux, OS X

Re: HEARTBLEED Bug Open SSL

Postby denverdata » 16. April 2014 02:07

Hello,

Apache won't start after I update the patched files. I'm running XAMPP 1.8.1 on Windows Server 2008 R2 SP1 64-bit. If I install the patch downloaded from sourceforge using the link below, and replace my files as instructed, Apache does not start. If I go back to the original files, Apache works file.

http://sourceforge.net/projects/xampp/files/security/2014-04%20Heartbleed/

How can I get XAMPP 1.8.1 patched properly to fix the Heartbleed vulnerability?

Tom
denverdata
 
Posts: 1
Joined: 16. April 2014 02:03
Operating System: Windows Server 2008 R2 SP1 64

Re: HEARTBLEED Bug Open SSL

Postby minimoto » 16. April 2014 16:28

I had problem with openSSL, followed instructions, replace executable with dlls, but openSSL won't start up.
I had to re-install new released XAMPP version and all good now, I am using Win 2003 server.
minimoto
 
Posts: 1
Joined: 16. April 2014 16:21
Operating System: Windows 2003

Re: HEARTBLEED Bug Open SSL

Postby yjxyj » 23. April 2014 10:04

this works for me
https://community.apachefriends.org/f/viewtopic.php?t=68407&p=234942
http://www.apachelounge.com/download/
yjxyj
 
Posts: 1
Joined: 23. April 2014 09:59
Operating System: win2008


Return to XAMPP for Linux

Who is online

Users browsing this forum: No registered users and 5 guests