The recently announced patch for
openssl does a
good thing: it looks for services known to use
libssl and offers to
restart them for you.
However, it doesn't seem to notice
apache2, which relies heavily on
mod_ssl is enabled. You can check to see what services
still use the old libraries (as discussed earlier in my weblog
here). If you see
apache2 among that list, you should almost certainly do:
Alternately, if you already know that you're using
have an opportunity to add
apache2 to the list of services to be
restarted during the upgrade of
Many thanks to the debian security team for publishing this fix and making it so straightforward to restart most of the affected services. Your work is much appreciated!