Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: [suse-security] Linux/Slapper.worm
  • From: Markus Gaugusch <markus@xxxxxxxxxxx>
  • Date: Wed, 18 Sep 2002 15:16:39 +0200 (CEST)
  • Message-id: <Pine.LNX.4.44.0209181511120.10414-100000@xxxxxxxxxxxxxxxxxx>
On Sep 18, Joachim Hummel <joachim.hummel@xxxxxxxxxxxxx> wrote:
> Mod_SSL or OpenSSL ? I donŽt unterstand this ??
> OpenSSL is standalone application !
> SSL with Apache works only with file /usr/lib/apache/libssl.so
> SSL with Apache works only with file /usr/lib/apache/libcrypto.so

markus@dynast:/usr/lib/apache > ldd libssl.so
libssl.so.0.9.6 => /usr/lib/libssl.so.0.9.6 (0x00142000)
libcrypto.so.0.9.6 => /usr/lib/libcrypto.so.0.9.6 (0x00170000)
libc.so.6 => /lib/libc.so.6 (0x00231000)
libdl.so.2 => /lib/libdl.so.2 (0x00344000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)
markus@dynast:/usr/lib/apache > rpm -qf /usr/lib/libssl.so.0.9.6
openssl-0.9.6a-67

As you see, libssl from mod_ssl links to libssl from openssl.
> I canŽt find any ssl version of 0.9.6.e or 0.9.6.g this is recommended
> of securityfocus.com
SuSE provides fixed updates of the version that has been delivered with
the release of the product to keep other packages that are binary
dependend intact.
> > They care and they have already packaged updates.
> NO.. !!
> This is older version as recommended version of 0.9.6.e
Stop moaning around. See
http://www.suse.de/de/security/2002_027_openssl.html for more information.
SuSE 8.0 gets updates with 0.9.6c, 7.3 with 0.9.6b

Markus
--
__________________ /"\
Markus Gaugusch \ / ASCII Ribbon Campaign
markus@xxxxxxxxxxx X Against HTML Mail
/ \



< Previous Next >
References