[ale] openssl related software question
jenn at colormaria.com
jenn at colormaria.com
Tue Jul 30 19:50:43 EDT 2002
With the openssl vuln disclosed today, I noticed that very few vendors were
talking about all the other software that is potentially affected, and I'm
really notat all knowledgable about dynamically linked stuff.
I run openssh and apache + mod_ssl on some of my servers, and I don't
compile them with anything specific to tell them where ssl lives. Are they
dynamically linked by default? How do I tell? ldd /usr/local/bin/ssh doesn't
show me anything about libssl.
What I'm getting at here is, do I need to recompile everything that uses
openssl? If not, how do I tell whether it's using the newer version or not?
Sorry if this is common knowledge or a stuipd question, I just don't see it
mentioned anywhere in the bugtraq posts...and RedHat recommends that you
restart your server after applying the patch!!!!! Since when do you reboot a
non-MS box after applying a patch!?
Thanks
jenn
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list