[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] OpenSSL - dynamically linked binaries?

To: Honza Vlach <janus@xxxxxxxx>
Subject: Re: [Full-Disclosure] OpenSSL - dynamically linked binaries?
From: "ja6.com" <maillist@xxxxxxx>
Date: Mon, 22 Mar 2004 06:35:37 -0500

I recently recompiled my mod_ssl apache box and php.... for the openssl path, had to recompile both php and apache to get the updated linkage...

--Jon

Honza Vlach wrote:

Hello,
I have upgraded my servers to latest OpenSSL version (0.9.7d) and
restarted all daemons linked to it. Still, I'm a bit confused about what
else should I recompile.
I have checked apache mod_ssl and php module, which are both dynamically linked to the libssl.so.0.9.7. The thing, that confuses me lot is, when I look on the phpinfo(), it says "OpenSSL version 0.9.7c", which it was compiled against.
Does this mean, that I'm still vulnerable, or it is just version
hardcoded to the binary, while the library itself was sucessfully
reloaded?
What should be recompiled when there is new OpenSSL version issued?
Have a nice day,
Honza Vlach


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] OpenSSL - dynamically linked binaries?
  - From: Honza Vlach

Prev by Date: Re: [Full-Disclosure] OpenSSH attack attempt?
Next by Date: RE: [Full-Disclosure] Re: XP SP2 is out: 279MB
Previous by thread: [Full-Disclosure] OpenSSL - dynamically linked binaries?
Next by thread: Re: [Full-Disclosure] OpenSSL - dynamically linked binaries?
Index(es):
- Date
- Thread