Re: Did RedHat's OpenSSL patch miss Apache?
From: Jacob Robert Wilkins (jrw_at_nplus1.net)
Date: 05/10/04
- Previous message: Cedric Blancher: "Re: decent loadbalancing with 2 different ISP's with minimum risks"
- In reply to: gf gf: "Did RedHat's OpenSSL patch miss Apache?"
- Next in thread: Todd Vierling: "Re: Did RedHat's OpenSSL patch miss Apache?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 10 May 2004 13:19:00 -0400
To: gf gf <unknownsoldier93@yahoo.com>
On Sun, May 09, 2004 at 08:13:21PM -0700, gf gf wrote:
> A while ago, RedHat issued
> https://rhn.redhat.com/errata/RHSA-2004-119.html
> concerning security issues with OpenSSL.
>
> It seems to me that Apache uses its own copy of
> libssl, which is not part of the openssl RPM and hence
> not updated by the RedHat RPM update. (And is still
> vulnerable).
>
> $ rpm -q -f /usr/lib/apache/libssl.so
> mod_ssl-2.8.12-3
No problem here, /usr/lib/apache/libssl.so is actually just the apache
module for mod_ssl. It would seem to be poorly named, but it should not
be confused with the OpenSSL library.

Note that /usr/lib/apache/libssl.so is linked against OpenSSL's libssl.

[jrw@thorin jrw]$ ldd /usr/lib/apache/libssl.so
        libssl.so.2 => /lib/libssl.so.2 (0x2aae4000)
        libcrypto.so.2 => /lib/libcrypto.so.2 (0x2ab12000)
        libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
        libdl.so.2 => /lib/libdl.so.2 (0x2abd6000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x55555000)

jrw
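
The check described in the reply above, as an added example that is not part of the original message: it parses `ldd` output to show which shared libssl/libcrypto a module loads and, where `rpm` is available, which package owns each one. The function names and the embedded sample are assumptions made for illustration; the sample is constructed from the `ldd` output quoted in the message.

```shell
#!/bin/sh
# Added example: report where a module's OpenSSL libraries resolve, so you
# can tell which package update actually covers it.
# Constructed sample, modelled on the ldd output quoted in the message.
SAMPLE_LDD='    libssl.so.2 => /lib/libssl.so.2 (0x2aae4000)
    libcrypto.so.2 => /lib/libcrypto.so.2 (0x2ab12000)
    libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
    libdl.so.2 => /lib/libdl.so.2 (0x2abd6000)
    /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x55555000)'

# openssl_deps: read ldd output on stdin and print "soname path" for every
# libssl/libcrypto dependency. Unresolved entries print "soname MISSING".
openssl_deps() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
        if ($3 == "not") print $1, "MISSING"
        else             print $1, $3
    }'
}

# links_openssl_dynamically: exit 0 if the ldd output on stdin shows at least
# one resolved shared libssl or libcrypto (the system copy is what is loaded).
links_openssl_dynamically() {
    openssl_deps | grep -qv ' MISSING$'
}

# audit_module FILE: run the check on a real file. The owning package is
# looked up with rpm only when rpm is installed.
audit_module() {
    ldd "$1" | openssl_deps | while read -r soname path; do
        if [ "$path" != MISSING ] && command -v rpm >/dev/null 2>&1; then
            owner=$(rpm -qf "$path" 2>/dev/null) || owner="(not owned by an RPM)"
        else
            owner="(owner not checked)"
        fi
        printf '%s -> %s  [%s]\n' "$soname" "$path" "$owner"
    done
}

# With a file argument, audit it; otherwise show the parse of the sample.
if [ -f "${1:-}" ]; then
    audit_module "$1"
else
    printf '%s\n' "$SAMPLE_LDD" | openssl_deps
fi
```

An empty result means the module either does not use OpenSSL or carries a statically linked copy; in the second case updating the openssl package does not change the module, and the fix has to come through the module's own package.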