[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] OPENSSL vulnerability

Subject: Re: [cobalt-security] OPENSSL vulnerability
From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
Date: Tue, 30 Jul 2002 18:55:11 +0000
Organization: SOLARSPEED.NET
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi David,

> So if my SSH is now patched with OpenSSH Release 3.4p1-3
> How is my OpenSSL doing?

You then still have a vulnerable OpenSSL installed.

But even upgrading that would not entirely get rid of the entire problem as a 
few applications have been compiled statically against the old OpenSSL. 

Apache for Instance as you can see from a RaQ4's Apache ident string:

Apache/1.3.20 Sun Cobalt (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6b PHP/4.0.6 
mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.25

So we'll even need a new Apache ... again.

-- 

With best regards,

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer

Follow-Ups:
- Re: [cobalt-security] OPENSSL vulnerability
  - From: Gerald Waugh

References:
- [cobalt-security] OPENSSL vulnerability
  - From: Kul
- Re: [cobalt-security] OPENSSL vulnerability
  - From: Michael Stauber
- Re: [cobalt-security] OPENSSL vulnerability
  - From: David Seaton

Prev by Date: Re: [cobalt-security] OPENSSL vulnerability
Next by Date: Re: [cobalt-security] new openssl vulnerabilities
Previous by thread: Re: [cobalt-security] OPENSSL vulnerability
Next by thread: Re: [cobalt-security] OPENSSL vulnerability

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index