Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
AW: [suse-security] OpenSSL Vulnerability
Hello all

is the vulnerability in the /usr/lib/apache/libssl.so ?
I was downloading the new version of openssl and compiled
successfull the "openssl" binary... make test was ok !
Now how must compile the new libssl.so for apache ?
Or what must i do for rebuild a non vulnerability version of openssl ?

Many thanks for help in advance.

Greetings Joachim

-----Urspr√ľngliche Nachricht-----
Von: Konstantin (Kastus) Shchuka [mailto:kastus@xxxxxxxxx]
Gesendet: Samstag, 14. September 2002 05:04
An: suse-security@xxxxxxxx
>
>
> OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow
> Vulnerability http://online.securityfocus.com/bid/5363/solution
>
> Linux.Slapper.Worm
> http://securityresponse.symantec.com/avcenter/venc/data/linux.slapper.
> worm.html
>
> Users are strongly encouraged to upgrade existing versions of OpenSSL
> to
> version 0.9.6e or 0.9.7beta3.

No need if you are using SuSE packages:

on 7.3 (openssl-0.9.6b-150):
* Fri Jul 26 2002 - okir@xxxxxxx

- Added security patch for remotely exploitable buffer overflows




< Previous Next >