Re: Did RedHat's OpenSSL patch miss Apache?
From: Todd Vierling (tv_at_duh.org)
Date: 05/10/04
- Previous message: focus-linux_at_nym.hush.com: "RE: decent loadbalancing with 2 different ISP's with minimum risks"
- In reply to: gf gf: "Did RedHat's OpenSSL patch miss Apache?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 10 May 2004 16:13:32 -0400 (EDT)
To: gf gf <unknownsoldier93@yahoo.com>
On Sun, 9 May 2004, gf gf wrote:
: It seems to me that Apache uses its own copy of
: libssl, which is not part of the openssl RPM and hence
: not updated by the RedHat RPM update. (And is still
: vulnerable).
:
: $ rpm -q -f /usr/lib/apache/libssl.so
: mod_ssl-2.8.12-3
Are you sure that's libssl the OpenSSL library and not libssl the Apache
module? Try the following:
$ ldd /usr/lib/apache/libssl.so
If you see /usr/lib/libssl.so.* in the list, then this is a red herring --
the /usr/lib/apache/libssl.so is just the Apache module glue and is properly
using OpenSSL from /usr/lib like everything else.
-- -- Todd Vierling <tv@duh.org> <tv@pobox.com>
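
Added example, not part of the original message: a shell helper that applies the ldd check described above and separates the outcomes it can have (system OpenSSL, a private copy elsewhere, an unresolved dependency, or no dynamic libssl at all). The function names, the sample ldd lines, the library version numbers and the /opt path are constructed for illustration.

```shell
#!/bin/sh
# classify_libssl [LIBDIR]: read `ldd` output on stdin and print one verdict:
#   system <path>   libssl.so.* resolves under LIBDIR (default /usr/lib)
#   other <path>    libssl.so.* resolves somewhere else (a private copy)
#   missing <name>  dependency is recorded but the loader cannot find it
#   none            no libssl.so.* dependency (unused, or linked in statically)
classify_libssl() {
    awk -v dir="${1:-/usr/lib}" '
        $1 ~ /^libssl\.so/ && $2 == "=>" {
            found = 1
            if ($3 == "not")                           print "missing " $1
            else if (index($3, dir "/libssl.so") == 1) print "system " $3
            else                                       print "other " $3
            exit
        }
        END { if (!found) print "none" }
    '
}

# check_module FILE [LIBDIR]: run the check on a real file and, when a shared
# libssl is found, ask rpm which package owns it (the package that must be
# updated). Only run ldd on files you trust: it may execute code from the
# inspected object. `objdump -p FILE | grep NEEDED` lists dependencies
# without running anything.
check_module() {
    verdict=$(ldd "$1" | classify_libssl "${2:-/usr/lib}")
    echo "$1: $verdict"
    case $verdict in
        system*|other*) rpm -q -f "${verdict#* }" ;;
    esac
}

# Constructed ldd output for the cases above (not captured from a real host).
sample_glue() {
    printf '%s\n' '  libssl.so.2 => /usr/lib/libssl.so.2 (0x40030000)' \
                  '  libcrypto.so.2 => /usr/lib/libcrypto.so.2 (0x40060000)' \
                  '  libc.so.6 => /lib/libc.so.6 (0x40140000)'
}
sample_private() {
    printf '%s\n' '  libssl.so.2 => /opt/httpd/lib/libssl.so.2 (0x40030000)' \
                  '  libc.so.6 => /lib/libc.so.6 (0x40140000)'
}
sample_unresolved() { printf '%s\n' '  libssl.so.2 => not found'; }
sample_static()     { printf '%s\n' '  libc.so.6 => /lib/libc.so.6 (0x40140000)'; }

for s in sample_glue sample_private sample_unresolved sample_static; do
    printf '%-18s %s\n' "$s" "$($s | classify_libssl)"
done
```

Only the "system" verdict matches the red-herring case from the reply; "other" and "none" mean the openssl package update does not by itself cover the code the module runs.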