[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] OPENSSL vulnerability
- Subject: Re: [cobalt-security] OPENSSL vulnerability
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Tue, 30 Jul 2002 18:55:11 +0000
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi David,
> So if my SSH is now patched with OpenSSH Release 3.4p1-3
> How is my OpenSSL doing?
You then still have a vulnerable OpenSSL installed.
But even upgrading that would not entirely get rid of the entire problem as a
few applications have been compiled statically against the old OpenSSL.
Apache for Instance as you can see from a RaQ4's Apache ident string:
Apache/1.3.20 Sun Cobalt (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6b PHP/4.0.6
mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.25
So we'll even need a new Apache ... again.
--
With best regards,
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer