Heartbleed Bug says that the 0.9.8 branch isn't vulnerable.
Has anyone updated their open SSL on Moodle due to the Heartbleed issue - BBC News - Scramble to fix huge 'heartbleed' security bug
I am on OpenSSL V 0.9.8x
Does anyone know what I need to do to upgrade it to the latest version or am I worrying about nothing?
Wirral_Wonderer (9th April 2014)
I searched high and low for it as well!
Another site says that it is. I would suggest taking the opportunity to update regardless.
Ah, any ideas how?
That depends on the OS you're running.
It would help if I gave you that info!
Windows 2008 using iis
Wait, how/why are you using OpenSSL with IIS and not SChannel? Are you running a load balancer or reverse proxy in front of it?
Er?! Just what I got from php info. To be honest someone else set it up for us.
Maybe it's not an issue?
The LA is providing us with a reverse proxy as well
What should we be using?
We have just installed moodle 2.6 on a windows server and this also says it is running one of the affected versions. Does anyone know how to upgrade OpenSSL on windows?
tj2419 (10th April 2014)
Do i need to copy all these over? As i also can't seem to find a lib directory to replace on my moodle server.
Can you tell i don't play around with php much :P
Depends on your server. If you are running Apache :
- download php-5.4.16-Win32-VC9-x86.zip
- move your PHP out of the way
- extract the download to where PHP lives
- copy your php.ini over
- download httpd-2.4.9-win32-VC9.zip from https://www.apachelounge.com/download/additional/
- move Apache out of the way
- extract the apache download to where apache lives
- copy the apache conf over
- check apache runs using cmd
- if OK, restart apache
If you are running IIS, I guess the same applies but ignore the apache stuff.
Why upgrade Apache & PHP? Apache is built with OpenSSL and you need to have both patched.
There are currently 1 users browsing this thread. (0 members and 1 guests)