# [SOLVED] [INVALID] CVE-2014-0224 + nginx

## manwe_

Hi *.

I've upgraded openssl to 1.0.1h-r1 [amd64] and restarted nginx. But according to https://www.ssllabs.com/ssltest/analyze.html I was still vurnelable. So I've re-emerged nginx [1.0.1h-r1] and did full init.d/nginx stop & start, but still this test site shows I'm vulnerable to CVE-2014-0224. 

```
# eix -cIe openssl

[I] dev-libs/openssl (1.0.1h-r1@05.07.2014): full-strength general purpose cryptography library (including SSL and TLS)

# eix -cIe nginx

[I] www-servers/nginx (1.4.7@05.07.2014): Robust, small and high performance http and reverse proxy server

# ldd /usr/sbin/nginx | grep libssl

        libssl.so.1.0.0 => /usr/lib64/libssl.so.1.0.0 (0x00007f3ec5c66000)

# strings /usr/lib64/libssl.so.1.0.0 | grep "^OpenSSL "

OpenSSL 1.0.1h 5 Jun 2014

```

Any ideas?Last edited by manwe_ on Sat Jul 05, 2014 1:05 pm; edited 1 time in total

----------

## toralf

Well, revdep-rebuild is nowadays often no longer needed but what's about re-emerging nginx via "emerge -1 nginx" ?

BTW I do assume, that you have this

```
PORTAGE_ELOG_CLASSES="log warn error"

PORTAGE_ELOG_SYSTEM="save mail"
```

at least set in /etc/portage/make.conf to not lose emerge messages, right ?

----------

## manwe_

 *manwe_ wrote:*   

> So I've re-emerged nginx [1.0.1h-r1] and did full init.d/nginx stop & start, but still this test site shows I'm vulnerable to CVE-2014-0224. 

 

 *toralf wrote:*   

> but what's about re-emerging nginx via "emerge -1 nginx" ?

 

 :Wink: 

 *toralf wrote:*   

> BTW I do assume, that you have this … at least set in /etc/portage/make.conf to not lose emerge messages, right ?

 

I don't need to have _SYSTEM="mail", just "save". I launch every emerge manually.

----------

## toralf

Ick, didn't read your origin carefully enough  :Wink:  - well , what's about the idea that the web service of ssllabs is buggy ?  :Very Happy: 

----------

## manwe_

Looks like they are  :Smile:  I've launched one more test (via "clear cache") and this time (fourth time) it worked. Sorry to bother.

----------

