Re: [suse-security] SuSE Security Announcement: openssl (SuSE-SA:2002:027)
Quick question, on a 7.0 system, my apache has (stock suse, newest update) mod_ssl configured in, but seems not to use /usr/lib/libssl.so* /usr/lib/libcrypto.so* but instead /usr/lib/apache/libssl.so lisa:/home/bleutgen/software/suse_update/020731 # fuser -v /usr/lib/libssl.so* /usr/lib/libcrypto.so* lisa:/home/bleutgen/software/suse_update/020731 # but lisa:/home/bleutgen/software/suse_update/020731 # fuser -v /usr/lib/apache/libssl.so USER PID ACCESS COMMAND /usr/lib/apache/libssl.so root 27258 ....m httpd root 27259 ....m httpd root 27260 ....m httpd root 27261 ....m httpd root 27262 ....m httpd root 27265 ....m httpd and lisa:/home/bleutgen/software/suse_update/020731 # rpm -qf /usr/lib/apache/libssl.so mod_ssl-2.8.2-33 So, my question is, does updating openssl really upgrade mod_ssl? Probably I'm just confused. cheers, oliver
So, my question is, does updating openssl really upgrade mod_ssl?
Probably I'm just confused.
You're not. 7.0 is an irregular case, noted in the upcoming apache announcement (takes one more hour). mod_ssl (/usr/lib/apache/libssl.so) on 7.0 is statically linked against openssl. Please update your apache packages for 7.0, and you're safe.
cheers, oliver
Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "You don't need eyes to see, | SuSE Linux AG - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - -
participants (2)
-
Oliver Bleutgen
-
Roman Drahtmueller