• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

New OpenSSL vulnerability, directly impacting Nginx

Floren

Well-known member
#4
The big guns already formed a fund coalition for OpenSSL: Amazon, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, Qualcomm and VMWare. Each company will donate $100,000/year for 3 years. Apple decided is not important to participate... :rolleyes::rolleyes::rolleyes: I can't stand this company.
 

Brent W

Well-known member
#5
The big guns already formed a fund coalition for OpenSSL: Amazon, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, Qualcomm and VMWare. Each company will donate $100,000/year for 3 years. Apple decided is not important to participate... :rolleyes::rolleyes::rolleyes: I can't stand this company.
Maybe they figured 1.3 million a year is enough?
 

Brent W

Well-known member
#6
For CentminMod users:

Code:
step 1. run command to patch OpenSSL 1.0.1g source for Nginx usage

curl -sL https://gist.github.com/centminmod/7e0a38b394d5d2f8fc7a/raw/releasebuffer.sh | bash

step 2. Set OPENSSL_VERSION='1.0.1g' version set in centmin.sh

step 3. Run centmin.sh menu option #4 recompile Nginx. When prompted if you want to recompile OpenSSL - select YES
 

Null

Well-known member
#7
The big guns already formed a fund coalition for OpenSSL: Amazon, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, Qualcomm and VMWare. Each company will donate $100,000/year for 3 years. Apple decided is not important to participate... :rolleyes::rolleyes::rolleyes: I can't stand this company.
I think Apple deprecated the use of OpenSSL a few years back (at least, that's the impression I got from WWDC).
 

MattW

Well-known member
#8
For CentminMod users:

Code:
step 1. run command to patch OpenSSL 1.0.1g source for Nginx usage

curl -sL https://gist.github.com/centminmod/7e0a38b394d5d2f8fc7a/raw/releasebuffer.sh | bash

step 2. Set OPENSSL_VERSION='1.0.1g' version set in centmin.sh

step 3. Run centmin.sh menu option #4 recompile Nginx. When prompted if you want to recompile OpenSSL - select YES
Just patched 4 servers :)
 

Floren

Well-known member
#10
I think Apple deprecated the use of OpenSSL a few years back (at least, that's the impression I got from WWDC).
With the revenue they have, I think they can afford a donation of $300,000 which is BTW tax deductible. :rolleyes:(n)
After they ripped entirely FreeBSD to make their MacOS and bribed the developers with few pennies to have their mouths shut, they could at least support Open Source...
 

euantor

Well-known member
#11
The big guns already formed a fund coalition for OpenSSL: Amazon, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, Qualcomm and VMWare. Each company will donate $100,000/year for 3 years. Apple decided is not important to participate... :rolleyes::rolleyes::rolleyes: I can't stand this company.
Not all of that is going to OpenSSL though. It's a collective fund to help struggling Open Source projects IIRC.
 

Moshe1010

Well-known member
#12
With the revenue they have, I think they can afford a donation of $300,000 which is BTW tax deductible. :rolleyes:(n)
After they ripped entirely FreeBSD to make their MacOS and bribed the developers with few pennies to have their mouths shut, they could at least support Open Source...
There are better causes to support than crappy OpenSSL. Why would they support something they don't use? Because they have money? So? The above companies are using it, so they have an interest to support it.