| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: janus at volny.cz (Honza Vlach) Subject: OpenSSL - dynamically linked binaries? Hello, I have upgraded my servers to latest OpenSSL version (0.9.7d) and restarted all daemons linked to it. Still, I'm a bit confused about what else should I recompile. I have checked apache mod_ssl and php module, which are both dynamically linked to the libssl.so.0.9.7. The thing, that confuses me lot is, when I look on the phpinfo(), it says "OpenSSL version 0.9.7c", which it was compiled against. Does this mean, that I'm still vulnerable, or it is just version hardcoded to the binary, while the library itself was sucessfully reloaded? What should be recompiled when there is new OpenSSL version issued? Have a nice day, Honza Vlach -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040322/b9585023/attachment.bin
Powered by blists - more mailing lists