Mailinglist Archive: opensuse-security (409 mails)

< Previous Next >
RE: [suse-security] SuSE Security Announcement: openssl (SuSE-SA:2002:027)
  • From: Martin Köhling <mk@xxxxxxxxxxxxxxxxxx>
  • Date: Fri, 9 Aug 2002 11:59:40 +0200 (CEST)
  • Message-id: <Pine.LNX.4.33.0208091153380.7782-100000@xxxxxxxxxxxxxxxxxx>

[Roman: originally, I sent this mail to you directly by mistake (not to
the list) but didn't get any response; did it arrive at all?]

On Wed, 31 Jul 2002, Roman Drahtmueller wrote:

> >
> > So, if I'm using OpenSSH but (otherwise) not OpenSSL, will my remedy
> > require an update of OpenSSH or of OpenSSL, or both?
> Openssl. Then restart sshd:
> rcsshd restart
> Or, even better, reboot the system to make sure it worked.

At least on SuSE 7.2, openssh-2.9.9p2-103 does *not* dynamically link
against the ssl libs; ldd `which sshd` says: => /lib/ (0x4001d000) => /lib/ (0x40025000) => /lib/ (0x4002a000) => /lib/ (0x40039000) => /lib/ (0x4004f000) => /lib/ (0x40052000)
/lib/ => /lib/ (0x40000000)

(The "temporary update" openssh-3.3p1-6 *did* link against

So, if this version is vulnerable, the lib update won't fix it - do we
need yet another openssh upgrade???


< Previous Next >
This Thread
  • No further messages