Heartbleed OpenSSL bug patch for GemStone

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Heartbleed OpenSSL bug patch for GemStone

Steve Rawley-2
Dear GemStone Customers,

The OpenSSL cryptographic library, used by GemStone/S 64 Bit (version
3.0.0 and later only) for RPC session logins (client-to-gem
connections), has a critical security bug that potentially allows
private memory to be exposed to third parties.

More information on this bug can be found at:


This bug has been fixed in OpenSSL version 1.0.1g. GemStone uses
OpenSSL as a shared library which can be replaced with minimal

Download the libraries corresponding to your GemStone platform from:


There are two versions for most platforms, 32-bit and 64-bit. These
libraries  replace the SSL libraries shipped in $GEMSTONE/lib and
$GEMSTONE/lib32  (%GEMSTONE%\bin on Windows). The libraries on the
download site are named  for version; if you are patching an
older version of GemStone, rename them to match the existing SSL
libraries in $GEMSTONE/lib and $GEMSTONE/lib32.

We will publish a bug note with this information soon. No action is
necessary for versions of the 64-bit product prior to 3.0.0 or any
32-bit GemStone/S version; these versions do not use OpenSSL.

Please contact GemTalk customer support if you have any questions
about this patch.

Thank you,
Steve Rawley
GemStone-Smalltalk mailing list
[hidden email]