#414 closed defect (invalid)
Outdated OpenSSL on OSGEO4W - Heartbleed
| Reported by: | hgrundy | Owned by: | |
|---|---|---|---|
| Priority: | critical | Component: | Package |
| Version: | Keywords: | ||
| Cc: |
Description
The OpenSSL package bundled with OSGEO4W (1.0.1e) is vulnerable to the Heartbleed exploit.
ssleay32.dll is currently 1.0.1e and needs to be updated to 1.0.1g
Change History (5)
comment:1 by , 10 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
follow-up: 4 comment:2 by , 10 years ago
@jef: is there an easy process for users with a preinstalled osgeo4w to upgrade their installation with the fixed openssl?
If yes then I think we should outline it here (even if it's as simple as pushing an update button), and share it on the osgeo-discuss list.
follow-up: 5 comment:3 by , 10 years ago
There is an easy workaround if you don't want to update all of OSGEO4W. You can replace the libeay32.dll and ssleay32.dll files in the bin directory with the latest ones found at http://slproweb.com/products/Win32OpenSSL.html
comment:4 by , 10 years ago
Replying to dmorissette:
@jef: is there an easy process for users with a preinstalled osgeo4w to upgrade their installation with the fixed openssl?
If yes then I think we should outline it here (even if it's as simple as pushing an update button), and share it on the osgeo-discuss list.
Just rerun the setup using advanced mode and it'll update openssl (or any other package that has updates).
comment:5 by , 10 years ago
Replying to hgrundy:
There is an easy workaround if you don't want to update all of OSGEO4W. You can replace the libeay32.dll and ssleay32.dll files in the bin directory with the latest ones found at http://slproweb.com/products/Win32OpenSSL.html
You can also "keep" all packages at the installed version. Clicking on the new version number switched between available versions, Keep, Reinstall and Uninstall).
Already updated to 1.0.1g.