security - GitLab Omnibus SSL vulnerability (Heartbleed)

Reposted. Author: 太空宇宙. Updated: 2023-11-03 13:47:57

I installed GitLab 6.6.5 via the omnibus package on Ubuntu 12.04 LTE. My question is: will the Ubuntu OpenSSL Heartbleed update cover the GitLab install? The install comes with an embedded nginx. I have already enabled SSL via GitLab Omnibus Merge Request #66.

Best answer

Having an embedded NGinX doesn't mean it won't use the /usr/bin/openssl installed on the system. (For example, ngx_http_ssl_module does require openssl.)

If openssl is 1.0.1g or 1.0.2, you won't have any problem.

openssl version

If not, it is easy to recompile and install it.

Of course, you can type:

ldd /path/to/nginx

This will give you the path of the openssl used by the nginx binary.
To get the full path, you can use

readlink -f /path/to/libssl.so.1.0.0

Bruno adds in the comments:

It's probably more about /lib/*/libssl.so.1.0.0 than /usr/bin/openssl (which ldd should indicate indeed).
In principle, upgrading to the package with the fix and restarting NGinX should fix the issue.

Also note that the version numbers in distribution packages (e.g. Ubuntu) don't necessarily match the official version numbers exactly, because they tend to keep the same version number (for the same features), but backport the security patches.


The OP crushedGrass points out in the comments the commit "Update omnibus-software (CVE-2014-0160)" by Jacob Vosmaer (jacobvosmaer), in omnibus-gitlab:

so all I had to do was run a reconfiguration.
I believe both your and Bruno's feedback is spot on, there are just more dependencies that have to match up.
GitLab uses Chef cookbooks to configure the setup and I definitely do not know enough about it to modify it downstream.
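
The checks discussed in this answer, as an added example that is not part of the original answer or comments: it parses `ldd` output to find which libssl/libcrypto a binary loads, labels each as system or bundled, and flags libraries a running process still maps after they were replaced on disk (the reason a restart is needed). The sample data, the `/opt/example-bundle` prefix and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; sample data and the /opt/example-bundle prefix are constructed.

# Print the resolved path of every libssl/libcrypto dependency found in
# `ldd` output read from stdin (unresolved ones print as NOT_FOUND).
ssl_lib_paths() {
    awk '/lib(ssl|crypto)\.so/ && $2 == "=>" {
        if ($3 == "not") print "NOT_FOUND"; else print $3
    }'
}

# Classify a library path: "bundled" if under the application's own prefix
# ($2), otherwise "system" (the copy a distribution package update replaces).
lib_origin() {
    case "$1" in
        "$2"/*) echo bundled ;;
        *)      echo system ;;
    esac
}

# From /proc/<pid>/maps content on stdin, print libssl/libcrypto files that
# are mapped but already deleted on disk: the process predates the upgrade
# and keeps running the old code until it is restarted.
stale_ssl_maps() {
    awk '/lib(ssl|crypto)\.so/ && $NF == "(deleted)" { print $6 }' | sort -u
}

# Constructed samples standing in for `ldd /path/to/nginx` and
# `cat /proc/<nginx pid>/maps`.
SAMPLE_LDD='    linux-vdso.so.1 =>  (0x00007fff5a3fe000)
    libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f1c2a400000)
    libcrypto.so.1.0.0 => /opt/example-bundle/lib/libcrypto.so.1.0.0 (0x00007f1c2a000000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c29c00000)'
SAMPLE_MAPS='7f1c2a400000-7f1c2a455000 r-xp 00000000 08:01 131 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f1c2a655000-7f1c2a658000 r--p 00055000 08:01 131 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f1c29c00000-7f1c29dbe000 r-xp 00000000 08:01 140 /lib/x86_64-linux-gnu/libc.so.6'

printf '%s\n' "$SAMPLE_LDD" | ssl_lib_paths | while read -r lib; do
    echo "$lib: $(lib_origin "$lib" /opt/example-bundle)"
done
printf '%s\n' "$SAMPLE_MAPS" | stale_ssl_maps | sed 's/$/: stale, restart nginx/'
```

A library reported as bundled is not touched by the distribution's OpenSSL update and has to be fixed by updating the bundle itself.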

Regarding security - GitLab Omnibus SSL vulnerability (Heartbleed), we found a similar question on Stack Overflow: https://stackoverflow.com/questions/22945620/
