[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] new openssl vulnerabilities
- Subject: RE: [cobalt-security] new openssl vulnerabilities
- From: Jonah Keough <jonah@xxxxxxxxxxxx>
- Date: Thu, 1 Aug 2002 09:19:06 -0700
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Fyi, I got a response from Sun on patches for the OpenSSL vulnerability (and
a vague availability time).
jk
--
Jonah Keough
Net Admin
-----Original Message-----
From: Brent Paulson
Sent: Thursday, August 01, 2002 9:12 AM
Subject: Re: Cobalt RaQs, Apache/OpenSSL patches
The Sun Cobalt group are currently working on patches for the issues
described above. All Sun Cobalt platforms are affected. A SunAlert is
being authored to describe the issues, platforms affected, and the
resolution description. Its difficult to predict with accuracy patch
dates, but they will most likely become available in another week or so.
The SunAlert will be published on SunSolve (http://www.sunsolve.com). We
aren't setup to provide continued updates, as that is more of a Sun Service
role. Hope this helps.
Best regards,
Brent Paulson
security-alert@xxxxxxx
-----Original Message-----
From: Eugene Crosser [mailto:crosser@xxxxxxxxxxx]
Sent: Tuesday, July 30, 2002 11:26 AM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] new openssl vulnerabilities
Strictly speking, everything statically linked against openssl libraries
needs to be replaced. On a typical Cobalt appliance, this includes Apache
and OpenSSH. Thanks to the nice guys from Netherlands, we already have
replacement OpenSSH. With Apache, I'm afraid we'll have to wait for Sun to
come up with update (or compile it ourselves).
If you have applications linked dynamically against openssl libraries, you
need to replace the openssl shared libraries, and can leave said
applications untouched.
Eugene