lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <405ECF89.70002@ja6.com> From: maillist at ja6.com (ja6.com) Subject: OpenSSL - dynamically linked binaries? I recently recompiled my mod_ssl apache box and php.... for the openssl path, had to recompile both php and apache to get the updated linkage... --Jon Honza Vlach wrote: >Hello, >I have upgraded my servers to latest OpenSSL version (0.9.7d) and >restarted all daemons linked to it. Still, I'm a bit confused about what >else should I recompile. > >I have checked apache mod_ssl and php module, which are both dynamically >linked to the libssl.so.0.9.7. The thing, that confuses me lot is, when I >look on the phpinfo(), it says "OpenSSL version 0.9.7c", which it >was compiled against. > >Does this mean, that I'm still vulnerable, or it is just version >hardcoded to the binary, while the library itself was sucessfully >reloaded? > >What should be recompiled when there is new OpenSSL version issued? > >Have a nice day, >Honza Vlach > > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Powered by blists - more mailing lists