On Thu, Apr 10, 2014 at 9:54 AM, Florian Ernst <florian_er...@gmx.net> wrote:

>
> This is not accurate, OpenSSL 1.0.1 through 1.0.1f (inclusive) are
> vulnerable. Please see
> https://www.debian.org/security/2014/dsa-2896
> as well as
> http://heartbleed.com/
>

Thanks Flo,

One of the problems with stories like this is that there is a lot of
misinformation out there. I started reading on Bruce Schneier's site, and
bounced off several sites from there. I guess I either read wrong or hit
some misinformation.

Also, with the extensive list of apps that need to be restarted, unless you
have an overriding reason not to, I would recommend that you reboot instead
of trying to cherry pick apps to restart. (The "nuke it from orbit. It's
the only way to be sure." approach. :) ) Debian did a good job of finding
most of the apps that depend on openssl, but I know they missed at least
one, puppet.

--b
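
The message above recommends a reboot over restarting services one by one after the OpenSSL upgrade. As an added example (not part of the original message), the following shows one way to list processes that still map the replaced library. The function name, the optional PROC_ROOT parameter and the sample tree are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: list processes that still map a libssl/libcrypto file that has
# been replaced on disk, i.e. services not yet restarted after the upgrade.

# stale_openssl_pids [PROC_ROOT]  -> prints "PID NAME" per affected process.
# PROC_ROOT defaults to /proc; the parameter exists so the function can be run
# against a constructed tree (an assumption of this example, for testing).
stale_openssl_pids() (
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # When a package upgrade replaces a shared object, the old inode is
        # unlinked and the kernel appends " (deleted)" to its mapping line.
        if grep -Eq '/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            dir="${maps%/maps}"
            name="$(cat "$dir/comm" 2>/dev/null || echo '?')"
            printf '%s %s\n' "${dir##*/}" "$name"
        fi
    done | sort -n
)

# Constructed sample tree (not real host data): PID 101 still maps the old
# library, PID 202 was restarted, PID 303 does not link OpenSSL at all.
make_sample_proc() {
    root="$(mktemp -d)"
    mkdir -p "$root/101" "$root/202" "$root/303"
    echo puppet > "$root/101/comm"
    echo "7f10a0000000-7f10a005a000 r-xp 00000000 08:01 131 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)" > "$root/101/maps"
    echo sshd > "$root/202/comm"
    echo "7f20b0000000-7f20b01d0000 r-xp 00000000 08:01 977 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0" > "$root/202/maps"
    echo cron > "$root/303/comm"
    echo "7f30c0000000-7f30c01a0000 r-xp 00000000 08:01 55 /lib/x86_64-linux-gnu/libc-2.13.so (deleted)" > "$root/303/maps"
    echo "$root"
}

sample="$(make_sample_proc)"
stale_openssl_pids "$sample"     # prints: 101 puppet
rm -rf "$sample"
```

On a live host, call `stale_openssl_pids` with no argument as root, since the maps files of other users' processes are not readable otherwise. An empty result after the upgrade means no running process still holds the old library.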
