FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Heartbleed bug?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Heartbleed bug? [message #185532 is a reply to message #185530] Wed, 09 April 2014 17:38 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 4/9/2014 11:56 AM, Robert Heller wrote:
> At Wed, 09 Apr 2014 11:21:51 -0400 Jerry Stuckle <jstucklex(at)attglobal(dot)net> wrote:
>
>>
>> On 4/9/2014 9:56 AM, Robert Heller wrote:
>>> At Wed, 09 Apr 2014 09:17:46 -0400 Jerry Stuckle <jstucklex(at)attglobal(dot)net> wrote:
>>>
>>>>
>>>> On 4/9/2014 8:24 AM, Kevin Burton wrote:
>>>> > Anyone know how this bug http://heartbleed.com/ affects PHP when the extension is enabled? Is there a patch for the extension?
>>>> >
>>>>
>>>> You need to be asking the OpenSSL people what products their bug affects.
>>>
>>> Since this is a shared library on a typical Linux system (eg LAMP server), it
>>> will affect any program that links with OpenSSL's library(-ies). I know that
>>> at least the CentOS user group is talking about it and I am sure RedHat is
>>> also looking at it. (A large number of LAMP servers run CentOS.)
>>>
>>>>
>>>
>>
>> That may or may not be. It depends on exactly what the problem is - or
>> exactly what it affects. From the description on the website, I can't
>> tell. Can you?
>>
>> Obviously, though, those who know the code would know exactly what it
>> affects.
>>
>> A bug in a program does not necessarily affect everything that touches
>> that program!
>
> According to the CentOS mailing list, a patched version of the openssl
> libraries was released yesterday. Only one version of CentOS (and I guess
> RHEL) were affected: 6.5. The patched version of the openssl fixes that (one
> also needs to remake certificates (with new private keys!) and revoke the old
> ones. CentOS 5 and CentOS 6.4 and earlier were NOT affected. In *my* case
> (deepsoft.com) since I run CentOS 5, *my* server is not affected. It is my
> understanding that a *large* number of LAMP webservers are running some
> version of CentOS. I presume that the system admins of the affected systems
> are on the CentOS mailing list and are on top of things.
>
>>
>>
>

That may be. But it still doesn't answer your original question as to
how (or even if) it affects PHP.

--
==================
Remove the "x" from my email address
Jerry Stuckle
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: cURL and response code 302
Next Topic: PHP Parse error: syntax error, unexpected '$sql' (T_VARIABLE) in
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 30 23:36:05 GMT 2024

Total time taken to generate the page: 0.04041 seconds