
Re: [cobalt-security] Bug-Travel



Hi Bruce,

> Also, when I restart Apache after installing the OpenSSL RPMS, it
> still shows "...OpenSSL/0.9.6b..." in the signature string. I don't
> know if this is dynamic or compiled in someplace...

The reference "OpenSSL/0.9.6b" in the Apache banner is because Mod_SSL 
(/usr/lib/apache/libssl.so) is compiled against OpenSSL/0.9.6b. 

To verify this you can run the following command from the command line:

strings /usr/lib/apache/libssl.so|grep OpenSSL

To upgrade the SSL version which Apache uses you'd need to recompile Mod_SSL 
against a newer OpenSSL. This can be done without recompiling Apache due to 
its modular architecture; however, you need to have the Apache-1.3.20 sources 
handy (from the old SRPM on the Cobalt FTP site, for instance).

I did that once with my free Mod_SSL upgrade PKG when Slapper & Scalper 
surfaced and before Sun Cobalt had the Apache patch ready.

-- 

With best regards,

Michael Stauber
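
Added example, not part of the original message: the `strings | grep` check above wrapped as a shell function that compares the OpenSSL version text embedded in a module with the version the system reports, so a module left behind by an RPM upgrade is flagged. The function names, the `tr`-based stand-in for `strings`, and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag Apache modules whose embedded OpenSSL version text
# differs from the OpenSSL version installed on the system.

# Print each distinct OpenSSL version string embedded in file $1.
# tr turns every non-printable byte into a newline; this is a portable
# stand-in for strings(1) (assumption: binutils may not be installed).
embedded_openssl_versions() {
    LC_ALL=C tr -c '[:print:]' '\n' < "$1" |
        LC_ALL=C grep -o 'OpenSSL[ /][0-9][0-9A-Za-z.]*' |
        sed 's|^OpenSSL[ /]||' | sort -u
}

# Compare the versions embedded in module $1 with installed version $2.
# Returns 0 if all match, 1 if any differs, 2 if no version text is found.
check_module() {
    found=$(embedded_openssl_versions "$1")
    if [ -z "$found" ]; then
        echo "$1: no OpenSSL version string found"
        return 2
    fi
    rc=0
    for v in $found; do
        if [ "$v" = "$2" ]; then
            echo "$1: built against OpenSSL $v (matches installed)"
        else
            echo "$1: built against OpenSSL $v, installed is $2 (stale)"
            rc=1
        fi
    done
    return $rc
}

# Write a constructed sample file to $1: a few non-printable bytes around
# the text "OpenSSL $2". It stands in for a real module for offline testing.
make_sample() {
    printf '\177ELF\001\002mod_ssl\001OpenSSL %s\003\004' "$2" > "$1"
}

# Usage on a real system (path taken from the message above):
#   check_module /usr/lib/apache/libssl.so "$(openssl version | awk '{print $2}')"
```

A "stale" result means the module still carries the old version text, so it has to be rebuilt against the newer OpenSSL as described above; upgrading the OpenSSL package alone does not change it.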