[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] new openssl vulnerabilities

Subject: Re: [cobalt-security] new openssl vulnerabilities
From: Eugene Crosser <crosser@xxxxxxxxxxx>
Date: 30 Jul 2002 22:26:14 +0400
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Tue, 2002-07-30 at 21:05, Gerald Waugh wrote:
> On Tue, 30 Jul 2002, Paul Jacobs wrote:
> >
> > Are you sure about that gerald?
> >
>     YES

Strictly speking, everything statically linked against openssl libraries
needs to be replaced.  On a typical Cobalt appliance, this includes
Apache and OpenSSH.  Thanks to the nice guys from Netherlands, we
already have replacement OpenSSH.  With Apache, I'm afraid we'll have to
wait for Sun to come up with update (or compile it ourselves).

If you have applications linked dynamically against openssl libraries,
you need to replace the openssl shared libraries, and can leave said
applications untouched.

Eugene

References:
- Re: [cobalt-security] new openssl vulnerabilities
  - From: Gerald Waugh

Prev by Date: Re: [cobalt-security] OPENSSL vulnerability
Next by Date: Re: [cobalt-security] Re: new openssl vulnerabilities
Previous by thread: Re: [cobalt-security] new openssl vulnerabilities
Next by thread: Re: [cobalt-security] new openssl vulnerabilities

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index