Hello all is the vulnerability in the /usr/lib/apache/libssl.so ? I was downloading the new version of openssl and compiled successfull the "openssl" binary... make test was ok ! Now how must compile the new libssl.so for apache ? Or what must i do for rebuild a non vulnerability version of openssl ? Many thanks for help in advance. Greetings Joachim -----Ursprüngliche Nachricht----- Von: Konstantin (Kastus) Shchuka [mailto:kastus@tsoft.com] Gesendet: Samstag, 14. September 2002 05:04 An: suse-security@suse.com
OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow Vulnerability http://online.securityfocus.com/bid/5363/solution
Linux.Slapper.Worm http://securityresponse.symantec.com/avcenter/venc/data/linux.slapper. worm.html
Users are strongly encouraged to upgrade existing versions of OpenSSL to version 0.9.6e or 0.9.7beta3.
No need if you are using SuSE packages: on 7.3 (openssl-0.9.6b-150): * Fri Jul 26 2002 - okir@suse.de - Added security patch for remotely exploitable buffer overflows