[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] new openssl vulnerabilities

Subject: Re: [cobalt-security] new openssl vulnerabilities
From: "Eugene Crosser" <crosser@xxxxxxxxxxx>
Date: Fri, 2 Aug 2002 00:45:02 +0400
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> How can I tell - which applications are running openssl shared libraries?

If you don't know about them, the chances are that you don't have any.
If you did not install openssl from rpm or from the source, you definitely
don't have any.

If you, for example, compiled stunnel or SSL IMAPd, you might have
made then dynamically linked.

> > Strictly speking, everything statically linked against openssl libraries
> > needs to be replaced.  On a typical Cobalt appliance, this includes
Apache
> > and OpenSSH.  Thanks to the nice guys from Netherlands, we already have
> > replacement OpenSSH.  With Apache, I'm afraid we'll have to wait for Sun
to
> > come up with update (or compile it ourselves).
> >
> > If you have applications linked dynamically against openssl libraries,
you
> > need to replace the openssl shared libraries, and can leave said
> > applications untouched.
> >
> > Eugene
> >

Follow-Ups:
- Re: [cobalt-security] new openssl vulnerabilities
  - From: David Black

References:
- RE: [cobalt-security] new openssl vulnerabilities
  - From: Jonah Keough
- RE: [cobalt-security] new openssl vulnerabilities
  - From: David Black

Prev by Date: RE: [cobalt-security] new openssl vulnerabilities
Next by Date: Re: [cobalt-security] new openssl vulnerabilities
Previous by thread: RE: [cobalt-security] new openssl vulnerabilities
Next by thread: Re: [cobalt-security] new openssl vulnerabilities

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index