I installed GitLab 6.6.5 via the omnibus package on Ubuntu 12.04 LTS. My question is: will the Ubuntu OpenSSL Heartbleed update cover the GitLab installation? The installation has an embedded nginx. I have enabled SSL via the GitLab Omnibus Merge Request #66.
GitLab Omnibus SSL Vulnerability (Heartbleed)
Asked by Curtis Kelsey
jevinskie
Just so it is clear:
-> # ldd /opt/gitlab/embedded/sbin/nginx
...
libssl.so.1.0.0 => /opt/gitlab/embedded/lib/libssl.so.1.0.0 (0x00007fe3cf8f9000)
libcrypto.so.1.0.0 => /opt/gitlab/embedded/lib/libcrypto.so.1.0.0 (0x00007fe3cf520000)
...
GitLab Omnibus uses its own bundled OpenSSL. apt-get update will not update and protect an install of GitLab Omnibus.
Having an embedded NGinX doesn't mean it won't use the /usr/bin/openssl installed on your system (for instance, the ngx_http_ssl_module does require openssl). If that openssl is 1.0.1g or 1.0.2, you won't have any issue.
If not, it is easy enough to recompile it and install it.
To be sure, you can type:
That will give you the path of the openssl used by the binary nginx. To get the full path, you can then use
Bruno adds in the comments:
The OP crushedGrass points out in the comments Jacob Vosmaer (jacobvosmaer)'s commit "Update omnibus-software (CVE-2014-0160)", in omnibus-gitlab
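The two checks discussed in the answers above (which libssl a binary resolves to, and whether an upstream OpenSSL version falls in the Heartbleed range) can be scripted. This is an added example, not code from either answer or from the GitLab project. The function names are hypothetical, and the sample lines are constructed from the ldd output quoted above plus a constructed system-library line.

```shell
#!/bin/sh
# Constructed sample: ldd lines in the shape quoted in the first answer.
SAMPLE_LDD='	libssl.so.1.0.0 => /opt/gitlab/embedded/lib/libssl.so.1.0.0 (0x00007fe3cf8f9000)
	libcrypto.so.1.0.0 => /opt/gitlab/embedded/lib/libcrypto.so.1.0.0 (0x00007fe3cf520000)'
# Constructed sample: a binary that resolves libssl from the distribution.
SAMPLE_SYSTEM='	libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f0000000000)'

# Read ldd output on stdin, print the path libssl resolves to (empty if none).
libssl_path() {
    awk '$1 ~ /^libssl\.so/ && $2 == "=>" { print $3; exit }'
}

# $1 = bundle prefix; ldd output on stdin.
# "bundled": libssl lives under the prefix, so apt upgrades do not touch it.
# "system":  libssl comes from elsewhere (normally the distribution package).
# "none":    no dynamically linked libssl (it may be statically linked).
libssl_origin() {
    p=$(libssl_path)
    case "$p" in
        "")     echo none ;;
        "$1"/*) echo bundled ;;
        *)      echo system ;;
    esac
}

# Extract the version from a banner such as "OpenSSL 1.0.1f 6 Jan 2014".
banner_version() {
    printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2 }'
}

# Upstream releases affected by CVE-2014-0160: 1.0.1 through 1.0.1f and the
# 1.0.2 betas before beta2. 1.0.1g, 1.0.2 and the 0.9.8/1.0.0 branches are not.
heartbleed_status() {
    case "$1" in
        1.0.1|1.0.1[a-f])       echo affected ;;
        1.0.2-beta|1.0.2-beta1) echo affected ;;
        *)                      echo not-affected ;;
    esac
}

# Demo on the constructed sample; on a real host pipe in:
#   ldd /opt/gitlab/embedded/sbin/nginx | libssl_origin /opt/gitlab/embedded
printf '%s\n' "$SAMPLE_LDD" | libssl_origin /opt/gitlab/embedded
```

The version check is only meaningful for upstream builds such as a bundled copy; distribution packages usually backport the fix without changing the upstream version letter, so for those the package revision is what to compare.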