Wednesday, April 9, 2014

The SSL Heartbleed bug: UPDATE NOW!

The OpenSSL "Heartbleed Bug (CVE-2014-0160)" (see https://www.openssl.org/news/secadv_20140407.txt), as it is being called, is a serious security hole in the Secure Sockel Layer (SSL) used for sending private documents over the internet. This bug is fixed for AllegroGraph and Allegro CL by our recent SSL module update. 

AllegroGraph Servers

Here are the specific steps to fix AllegroGraph servers:
  1. Download the following to your local machine running AllegroGraph:
       http://franz.com/ftp/pub/patches/8.2/linuxamd64.64/aclissl.so
  2. Find where AllegroGraph is installed and replace the file of the same name in that installation directory with the one downloaded in step #1.
  3. Restart the AllegroGraph server. That is, stop it with (AG directory is the directory where AllegroGraph is installed):
    [AC directory]/bin/agraph-control --config [AG directory]/lib/agraph.cfg stop
    and restart it with
    [AG directory]/bin/agraph-control --config [AG directory]/lib/agraph.cfg start
Most AllegroGraph clients (AGWebview, etc.) run with non-Allegro CL software, which should be updated independently and the client restarted when the AllegroGraph server is restarted. If you are using the Lisp client, update Allegro CL as described above and then restart Allegro CL and connect it to the AllegroGraph server.

Tech Corner Article on Franz.com

http://franz.com/support/tech_corner/heartbleed040914.lhtml
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)