Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: OpenSSL - dynamically linked binaries?
From: "ja6.com" <maillist () ja6 com>
Date: Mon, 22 Mar 2004 06:35:37 -0500

I recently recompiled my mod_ssl apache box and php.... for the openssl path,
had to recompile both php and apache to get the updated linkage...


Honza Vlach wrote:

I have upgraded my servers to latest OpenSSL version (0.9.7d) and
restarted all daemons linked to it. Still, I'm a bit confused about what
else should I recompile.

I have checked apache mod_ssl and php module, which are both dynamically
linked to the libssl.so.0.9.7. The thing, that confuses me lot is, when I
look on the phpinfo(), it says "OpenSSL version 0.9.7c", which it
was compiled against.
Does this mean, that I'm still vulnerable, or it is just version
hardcoded to the binary, while the library itself was sucessfully

What should be recompiled when there is new OpenSSL version issued?
Have a nice day,
Honza Vlach

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]