[Pkg-openssl-devel] Bug#743889: libssl1.0.0: libssl update does not cause applications that use it to restart
Steven Chamberlain
steven at pyro.eu.org
Mon Apr 7 23:45:54 UTC 2014
Control: found -1 openssl/1.0.1e-2+deb7u4
Hi,
A helpful trick I found after upgrade is to:
# lsof -nnP | grep libssl.so.1
Look for entries that mention an inode number - this means an unlinked,
older version of the library rather than the one currently at that path:
> nginx 23947 root mem REG 254,2 1452500 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (path dev=0,17, inode=1454629)
After restarting the service, the process's pid changes obviously, but
is now using the current version of libssl too:
> nginx 3791 root mem REG 254,2 1454629 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (path dev=0,17)
I discovered today that many services had not even restarted since the
*last* openssl security upgrade. The DSA does mention it though.
Regards,
--
Steven Chamberlain
steven at pyro.eu.org
More information about the Pkg-openssl-devel
mailing list