Results 1 to 4 of 4

Thread: /usr/lib/libssl.so.1.0.0: no version information available

  1. #1
    Join Date
    Jul 2013
    Posts
    22

    /usr/lib/libssl.so.1.0.0: no version information available

    Hello,
    I built openssl-1.0.1-g to fix heartbleed bug. From then, Whenever I try to update the server with custombuild, I get
    Code:
    /usr/lib/libssl.so.1.0.0: no version information available (required by ......)
    From then, apache and php causes error while compiling. I searched and found that the openssl v1.0.1-g dont have version information appended to its source but couldn't find a way to fix it. Could anybody help me fix this?
    Regards,
    Vijai

  2. #2
    Join Date
    Oct 2003
    Location
    Scottsdale, AZ
    Posts
    1,175
    Typically that means you have two different openssl libraries on your system. You linked with one (the newer one) but the runtime is using the other (older one). Try doing:
    find / -name libssl.so*
    and see if you have more than one version installed, if so you need to properly remove the older version.

    Since you said you installed version 1.0.1-g and you are showing 1.0.0 that tells me that is exactly what is happening. When you built your 1.0.1-g what were your configuration flags? If you didn't use something like --prefix=/usr then most likely all your libraries will be in /usr/local/lib. If that is not in the front of your $LD_LIBRARY_PATH it will look for the library in /usr/lib which is the older version (unless it was linked with the -R or -rpath flag). Depending on your OS, you would have been better of using their update mechanism to update that library, all the OS's I know of have updated theirs to mitigate the Heartbleed vulnerability.

  3. #3
    Join Date
    Jul 2013
    Posts
    22
    Quote Originally Posted by toml View Post
    Typically that means you have two different openssl libraries on your system. You linked with one (the newer one) but the runtime is using the other (older one). Try doing:
    find / -name libssl.so*
    and see if you have more than one version installed, if so you need to properly remove the older version.

    Since you said you installed version 1.0.1-g and you are showing 1.0.0 that tells me that is exactly what is happening. When you built your 1.0.1-g what were your configuration flags? If you didn't use something like --prefix=/usr then most likely all your libraries will be in /usr/local/lib. If that is not in the front of your $LD_LIBRARY_PATH it will look for the library in /usr/lib which is the older version (unless it was linked with the -R or -rpath flag). Depending on your OS, you would have been better of using their update mechanism to update that library, all the OS's I know of have updated theirs to mitigate the Heartbleed vulnerability.
    Thanks for your reply. I removed openssl and installed via apt. Now, I only get installed openssl-1.0.1e which I guess still has the hearbleed bug? I even run apt-get update to update the repos. Still the same. Why isnt my os able to fetch the latest one if its released by debian?

    Edit: even after reinstall of openssl, the error still exists :/
    Last edited by vijai; 05-10-2014 at 12:37 AM.

  4. #4
    Join Date
    Oct 2003
    Location
    Scottsdale, AZ
    Posts
    1,175
    I don't know if Debian back ports patches like Red Hat, but I would use one of the heart bleed scanners and not trust the version alone.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •