lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <405ECF89.70002@ja6.com>
From: maillist at ja6.com (ja6.com)
Subject: OpenSSL - dynamically linked binaries?

I recently recompiled my mod_ssl apache box and php....  for the openssl 
path,
had to recompile both php and apache to get the updated linkage...

--Jon

Honza Vlach wrote:

>Hello,
>I have upgraded my servers to latest OpenSSL version (0.9.7d) and
>restarted all daemons linked to it. Still, I'm a bit confused about what
>else should I recompile.
>
>I have checked apache mod_ssl and php module, which are both dynamically
>linked to the libssl.so.0.9.7. The thing, that confuses me lot is, when I
>look on the phpinfo(), it says "OpenSSL version 0.9.7c", which it
>was compiled against. 
>
>Does this mean, that I'm still vulnerable, or it is just version
>hardcoded to the binary, while the library itself was sucessfully
>reloaded?
>
>What should be recompiled when there is new OpenSSL version issued? 
>
>Have a nice day,
>Honza Vlach
>
>
>  
>



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Powered by blists - more mailing lists