Upgrade openssl to 1.0.1g? CVE-2014-0160/heartbleed #2763
Comments
the |
Ok cool, thanks @mpapis. Thought you'd probably have this covered already, just thought it best to put it in the list just in case :)
As I understand it heartbleed is absolutely a client concern. A vulnerable client can be manipulated to dump memory contents to a malicious server it connects to. That is perhaps slightly harder to exploit but the memory contents of your local machine may still not be something you want to distribute far and wide.
Thanks for starting this issue already. Is there a good manual process for forcing an update I can point RVM users at while waiting for those binaries to be updated? (Apologies for not being prepared to offer one myself, it's been a while since I used RVM.)
rvm reinstall ruby-version --disable-binary
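A way to confirm which OpenSSL an rvm ruby is linked against after the reinstall, as an added example that is not part of the original thread or RVM's own code. `heartbleed_status` and `linked_openssl_report` are hypothetical helper names; the affected range (1.0.1 through 1.0.1f, plus 1.0.2-beta1) is taken from the OpenSSL advisory for CVE-2014-0160.

```ruby
require 'openssl'

# Matches strings such as "OpenSSL 1.0.1f 6 Jan 2014" or "OpenSSL 1.0.1e-fips ...".
VERSION_RE = /\AOpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)(-[\w.]+)?/

# Classify an OpenSSL version string with respect to CVE-2014-0160.
# Returns :vulnerable, :fixed, :not_affected or :unknown.
def heartbleed_status(version_string)
  m = VERSION_RE.match(version_string)
  return :unknown unless m # e.g. a different TLS library or an unparseable string

  numeric = m[1..3].map(&:to_i)
  letter = m[4]
  tag = m[5]
  case numeric
  when [1, 0, 1]
    # Plain 1.0.1 and patch letters a..f are affected; g and later carry the fix.
    letter.empty? || letter <= 'f' ? :vulnerable : :fixed
  when [1, 0, 2]
    # Only the first 1.0.2 beta shipped the flawed heartbeat code.
    letter.empty? && tag == '-beta1' ? :vulnerable : :fixed
  else
    # Branches older than 1.0.1 (0.9.8, 1.0.0) never had the heartbeat extension.
    (numeric <=> [1, 0, 1]) < 0 ? :not_affected : :fixed
  end
end

# Report the version the openssl extension was compiled against and, where the
# constant exists, the version of the library actually loaded at runtime.
def linked_openssl_report
  versions = { built_against: OpenSSL::OPENSSL_VERSION }
  if OpenSSL.const_defined?(:OPENSSL_LIBRARY_VERSION)
    versions[:loaded_at_runtime] = OpenSSL::OPENSSL_LIBRARY_VERSION
  end
  versions.map { |source, version| [source, version, heartbleed_status(version)] }
end

if __FILE__ == $PROGRAM_NAME
  linked_openssl_report.each do |source, version, status|
    puts "#{source}: #{version} => #{status}"
  end
end
```

Run it with each installed ruby in turn. A distribution package that backports the fix without changing the upstream version string will still be reported as vulnerable, so check the package changelog in that case.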
@mpapis thank you!
Is this going to be tagged and landed on the stable branch soon?
Soon, I need to add an extra check to ensure the latest versions are used (during rvm update and on ruby installation)
Whilst doing the rounds updating openssl I noticed my rvm ruby is still using 1.0.1f - which according to http://heartbleed.com/ is vulnerable.
Apparently it's not really a client issue; however, I assume it's worth updating the rvm openssl version?
Is it just a case of updating .rvm/config/db to use:
?