Poodlebleed Fixes
Slackware has released advisories to several products and i didn't write the previous one so consider this as a cumulative updates :)
The previous update was about Firefox and Thunderbird and it's only released in -current architecture. There are no ESR updates for stable releases anymore.
The second and latest advisories is about openssl which is vulnerable to multiple vulnerabilities, including the latest poodlebleed. If you are running public servers, it's highly recommended to upgrade the openssl packages as soon as possible. Use the above link to test whether your server is still vulnerable or not.
Upgrading openssl packages is not enough as your web server application (apache or nginx or any other products you use) can still fallback SSLv3, so you need to disable it manually. Here's how to do it:
The previous update was about Firefox and Thunderbird and it's only released in -current architecture. There are no ESR updates for stable releases anymore.
The second and latest advisories is about openssl which is vulnerable to multiple vulnerabilities, including the latest poodlebleed. If you are running public servers, it's highly recommended to upgrade the openssl packages as soon as possible. Use the above link to test whether your server is still vulnerable or not.
Upgrading openssl packages is not enough as your web server application (apache or nginx or any other products you use) can still fallback SSLv3, so you need to disable it manually. Here's how to do it:
- nano /etc/httpd/extra/httpd-ssl.conf
- Change
SSLProtocol all -SSLv2
into
SSLProtocol all -SSLv2 -SSLv3 - Restart apache