[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] is this what we've been discussing - CERT Advisory CA-2002-27 Apache/mod_ssl Worm
- Subject: Re: [cobalt-users] is this what we've been discussing - CERT Advisory CA-2002-27 Apache/mod_ssl Worm
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun Sep 15 07:58:03 2002
- Organization: Front Street Networks LLC
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Sunday 15 September 2002 10:46, Dave Thurman (Mailing List Email) wrote:
> on 9/15/02 9:09 AM, Gerald Waugh stated:
> > On Sunday 15 September 2002 09:22, jale@xxxxxxxxxx wrote:
> >> My CERT watcher sent me this yesterday ...
> >
> > I could be wrong, is that ICBW?
> > But a while back I updated all my servers to use openssl 0.9.6e
> > AFAIK that version is OK, although i see they are on 'g', the openssl
> > guys are really kicking out the version!
> >
> > Gerald
>
> After reading the Cert report, if we upgrade our OpenSSL to OpenSSL-0.9.e
> or "g" will this effect SSH or any other OpenSSL dependencies?? I remember
> seeing something about the packagemaster group made the SSH run unshared?
> Any ideas?? I think we will attempt to upgrade today.
I have not tried 'g'. I am, and have been running 'e' for quite some time.
It will not affect SSH from pkgmaster as they used a 'static' library (it's
compiled into the package)
Gerald
--
http://frontstreetnetworks.com http://raqware.com
229 Front Street, Ste C, New Haven, CT 06513-3203
Phone: 203-785-0699