The OpenSSL "Heartbleed Bug (CVE-2014-0160)" (see https://www.openssl.org/news/secadv_20140407.txt), as it is being called, is a serious security hole in the Secure Sockets Layer (SSL) used for sending private documents over the internet. This bug is fixed for Allegro CL by our recent SSL module update. This update affects Windows and UNIX ports of Allegro CL and AllegroGraph.
Some background: the ACL SSL module has some glue code that sits between the OpenSSL library and Allegro CL (and any app that is built upon Allegro CL, including AllegroGraph). On UNIX, this glue code statically links with the OpenSSL libraries. On Windows, we dynamically link to the installed OpenSSL libraries on the system.
For Windows, you can update your OpenSSL by following the instructions here:
http://franz.com/ftp/pub/openssl/windows/readme.txt
For UNIX systems, including Mac OS and Linux, you need to update your Allegro CL with sys:update-allegro. The only files updated are the ACL SSL shared libraries. They are named:
aclssl.$ext for mlisp8 and alisp8
aclissl.$ext for mlisp and alisp
where $ext is the platform-specific shared library extension: so (thus aclissl.so etc.) on Linux, AIX, FreeBSD and Solaris; and dylib (thus aclissl.dylib etc.) on Mac OS. (As noted above, Windows platforms are updated in a different way.)
If you've built an application which uses the SSL module, then you need to:
Step #2 is critical, since you won't use the fixed OpenSSL unless you restart.
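One way to confirm on Linux that no process is still running the old library, as an added example that is not part of Franz's instructions: once the library file has been replaced on disk, a process that loaded the old copy lists it in /proc/<pid>/maps with a "(deleted)" suffix. The function names and the script name are illustrative, and the check assumes the update replaced the file rather than overwriting it in place.

```shell
#!/bin/sh
# Added example (not Franz code): list processes that still map an ACL SSL
# library whose on-disk file was replaced after the process loaded it.
# Linux only; function names and the script name are illustrative.

# Print each stale ACL SSL library path found in one /proc/<pid>/maps file.
# Linux appends " (deleted)" to a mapping once its file is unlinked/replaced.
stale_acl_ssl() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /\/acli?ssl\.so$/ {
             # a library is mapped in several segments; report it once
             if (!seen[$(NF-1)]++) print $(NF-1)
         }' "$1" 2>/dev/null
}

# Walk a proc root (default /proc) and print "<pid> <library>" for every
# process that needs a restart to pick up the fixed library.
scan_proc() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps%/maps}; pid=${pid##*/}
        stale_acl_ssl "$maps" | while IFS= read -r lib; do
            printf '%s %s\n' "$pid" "$lib"
        done
    done
}

# Run the scan only when asked, e.g.:  sh check-aclssl.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_proc /proc
fi
```

Run it as root so that the maps files of other users' processes are readable; empty output means no running process maps a replaced aclssl.so or aclissl.so.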
You can test your service, if it is public, with the following websites:
AllegroGraph maintenance release, version 4.13.2, is available for download. This release contains the Heartbleed bug fix. We recommend users download this new release. If for any reason you are unable to download and use version 4.13.2, follow the instructions below for applying the Heartbleed fix to your pre-4.13.2 AllegroGraph version.
Here are the specific steps to fix AllegroGraph servers:
http://franz.com/ftp/pub/patches/8.2/linuxamd64.64/aclissl.so
[AG directory]/bin/agraph-control --config [AG directory]/lib/agraph.cfg stop
and restart it with
[AG directory]/bin/agraph-control --config [AG directory]/lib/agraph.cfg start
Most AllegroGraph clients (AGWebview, etc.) run on non-Allegro CL software, which should be updated independently and the client restarted when the AllegroGraph server is restarted. If you are using the Lisp client, update Allegro CL as described above and then restart Allegro CL and connect it to the AllegroGraph server.
Copyright © 2023 Franz Inc., All Rights Reserved