Date: Wed, 31 Jul 2002 07:57:30 -0400 From: Mike Tancsa <mike@sentex.net> To: Sune Stjerneby <sst@vmunix.dk> Cc: security@freebsd.org Subject: Re: apache mod_ssl ? Message-ID: <5.1.0.14.0.20020731075521.04b14d70@192.168.0.12> In-Reply-To: <20020731085657.GA33775@fnyx.vmunix.dk> References: <5.1.0.14.0.20020730231635.040ee248@192.168.0.12> <5.1.0.14.0.20020730231635.040ee248@192.168.0.12>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks, looks like my local copy libphp4.so as well :-( Anyone know of any
other apps statically compiled with bits of the vulnerable openssl out of
the ports that would be affected ?
---Mike
At 10:56 AM 7/31/2002 +0200, Sune Stjerneby wrote:
>Mike Tancsa writes:
> >After a buildworld, do I need to worry about apache with mod_ssl ? Are
> >there parts that are statically compiled using openSSL ?
>
>I suspect so,
>
>% strings /usr/local/libexec/apache/libssl.so | egrep "0\.9\.6"
>OpenSSL 0.9.6a 5 Apr 2001
>
>After a rebuild, it reads "OpenSSL 0.9.6e 30 Jul 2002" in
>apache/libssl.so.
>
>--
>Sune Stjerneby <sst@vmunix.dk>
> % bloto flem rech rech kini
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.0.20020731075521.04b14d70>