New OpenSSL vulnerability, directly impacting Nginx

The big guns already formed a fund coalition for OpenSSL: Amazon, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, Qualcomm and VMWare. Each company will donate $100,000/year for 3 years. Apple decided is not important to participate... :rolleyes::rolleyes::rolleyes: I can't stand this company.
 
The big guns already formed a fund coalition for OpenSSL: Amazon, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, Qualcomm and VMWare. Each company will donate $100,000/year for 3 years. Apple decided is not important to participate... :rolleyes::rolleyes::rolleyes: I can't stand this company.

Maybe they figured 1.3 million a year is enough?
 
For CentminMod users:

Code:
step 1. run command to patch OpenSSL 1.0.1g source for Nginx usage

curl -sL https://gist.github.com/centminmod/7e0a38b394d5d2f8fc7a/raw/releasebuffer.sh | bash

step 2. Set OPENSSL_VERSION='1.0.1g' version set in centmin.sh

step 3. Run centmin.sh menu option #4 recompile Nginx. When prompted if you want to recompile OpenSSL - select YES
 
The big guns already formed a fund coalition for OpenSSL: Amazon, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, Qualcomm and VMWare. Each company will donate $100,000/year for 3 years. Apple decided is not important to participate... :rolleyes::rolleyes::rolleyes: I can't stand this company.
I think Apple deprecated the use of OpenSSL a few years back (at least, that's the impression I got from WWDC).
 
For CentminMod users:

Code:
step 1. run command to patch OpenSSL 1.0.1g source for Nginx usage

curl -sL https://gist.github.com/centminmod/7e0a38b394d5d2f8fc7a/raw/releasebuffer.sh | bash

step 2. Set OPENSSL_VERSION='1.0.1g' version set in centmin.sh

step 3. Run centmin.sh menu option #4 recompile Nginx. When prompted if you want to recompile OpenSSL - select YES
Just patched 4 servers :)
 
I think Apple deprecated the use of OpenSSL a few years back (at least, that's the impression I got from WWDC).
With the revenue they have, I think they can afford a donation of $300,000 which is BTW tax deductible. :rolleyes:(n)
After they ripped entirely FreeBSD to make their MacOS and bribed the developers with few pennies to have their mouths shut, they could at least support Open Source...
 
The big guns already formed a fund coalition for OpenSSL: Amazon, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, Qualcomm and VMWare. Each company will donate $100,000/year for 3 years. Apple decided is not important to participate... :rolleyes::rolleyes::rolleyes: I can't stand this company.

Not all of that is going to OpenSSL though. It's a collective fund to help struggling Open Source projects IIRC.
 
With the revenue they have, I think they can afford a donation of $300,000 which is BTW tax deductible. :rolleyes:(n)
After they ripped entirely FreeBSD to make their MacOS and bribed the developers with few pennies to have their mouths shut, they could at least support Open Source...
There are better causes to support than crappy OpenSSL. Why would they support something they don't use? Because they have money? So? The above companies are using it, so they have an interest to support it.
 
Top Bottom