/usr/lib/libssl.so.1.0.0: no version information available

vijai

Verified User
Joined
Jul 22, 2013
Messages
24
Hello,
I built openssl-1.0.1-g to fix heartbleed bug. From then, Whenever I try to update the server with custombuild, I get
Code:
/usr/lib/libssl.so.1.0.0: no version information available (required by ......)
From then, apache and php causes error while compiling. I searched and found that the openssl v1.0.1-g dont have version information appended to its source but couldn't find a way to fix it. Could anybody help me fix this?
Regards,
Vijai
 
Typically that means you have two different openssl libraries on your system. You linked with one (the newer one) but the runtime is using the other (older one). Try doing:
find / -name libssl.so*
and see if you have more than one version installed, if so you need to properly remove the older version.

Since you said you installed version 1.0.1-g and you are showing 1.0.0 that tells me that is exactly what is happening. When you built your 1.0.1-g what were your configuration flags? If you didn't use something like --prefix=/usr then most likely all your libraries will be in /usr/local/lib. If that is not in the front of your $LD_LIBRARY_PATH it will look for the library in /usr/lib which is the older version (unless it was linked with the -R or -rpath flag). Depending on your OS, you would have been better of using their update mechanism to update that library, all the OS's I know of have updated theirs to mitigate the Heartbleed vulnerability.
 
Typically that means you have two different openssl libraries on your system. You linked with one (the newer one) but the runtime is using the other (older one). Try doing:
find / -name libssl.so*
and see if you have more than one version installed, if so you need to properly remove the older version.

Since you said you installed version 1.0.1-g and you are showing 1.0.0 that tells me that is exactly what is happening. When you built your 1.0.1-g what were your configuration flags? If you didn't use something like --prefix=/usr then most likely all your libraries will be in /usr/local/lib. If that is not in the front of your $LD_LIBRARY_PATH it will look for the library in /usr/lib which is the older version (unless it was linked with the -R or -rpath flag). Depending on your OS, you would have been better of using their update mechanism to update that library, all the OS's I know of have updated theirs to mitigate the Heartbleed vulnerability.

Thanks for your reply. I removed openssl and installed via apt. Now, I only get installed openssl-1.0.1e which I guess still has the hearbleed bug? I even run apt-get update to update the repos. Still the same. Why isnt my os able to fetch the latest one if its released by debian?

Edit: even after reinstall of openssl, the error still exists :/
 
Last edited:
I don't know if Debian back ports patches like Red Hat, but I would use one of the heart bleed scanners and not trust the version alone.
 
Back
Top