Re: Did RedHat's OpenSSL patch miss Apache?

From: Todd Vierling (tv_at_duh.org)
Date: 05/10/04

    Date: Mon, 10 May 2004 16:13:32 -0400 (EDT)
    To: gf gf <unknownsoldier93@yahoo.com>
    
    

    On Sun, 9 May 2004, gf gf wrote:

    : It seems to me that Apache uses its own copy of
    : libssl, which is not part of the openssl RPM and hence
    : not updated by the RedHat RPM update. (And is still
    : vulnerable).
    :
    : $ rpm -q -f /usr/lib/apache/libssl.so
    : mod_ssl-2.8.12-3

    Are you sure that's libssl the OpenSSL library and not libssl the Apache
    module? Try the following:

    $ ldd /usr/lib/apache/libssl.so

    If you see /usr/lib/libssl.so.* in the list, then this is a red herring --
    the /usr/lib/apache/libssl.so is just the Apache module glue and is properly
    using OpenSSL from /usr/lib like everything else.

    -- 
    -- Todd Vierling <tv@duh.org> <tv@pobox.com>
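
The `ldd` check from the reply above, as an added example that is not part of the original message: it classifies `ldd` output and, on a live RPM-based host, asks `rpm -q -f` which package owns each resolved library. The function names and the sample `ldd` lines (library versions, addresses, the extra module dependency) are constructed for illustration.

```shell
# Classify `ldd` output read from stdin.
# Prints "dynamic <path>" for each libssl/libcrypto the dynamic linker resolves,
# "missing <name>" if one is listed but not found, or "none" if neither appears.
classify_ssl_linkage() {
    awk '
        # ldd lines look like: libssl.so.4 => /usr/lib/libssl.so.4 (0x...)
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            if ($3 == "not") print "missing " $1
            else             print "dynamic " $3
            found = 1
        }
        END { if (!found) print "none" }
    '
}

# Live use: show which package owns each OpenSSL library the module resolves to.
# Usage: report_owners /usr/lib/apache/libssl.so
report_owners() {
    ldd "$1" | classify_ssl_linkage | while read -r kind path; do
        if [ "$kind" = dynamic ]; then
            rpm -q -f "$path"
        else
            echo "$kind $path"
        fi
    done
}

# Constructed sample: module glue that links against the system OpenSSL.
sample_dynamic() {
    printf '\t%s\n' \
        'libssl.so.4 => /usr/lib/libssl.so.4 (0x40020000)' \
        'libcrypto.so.4 => /usr/lib/libcrypto.so.4 (0x40050000)' \
        'libc.so.6 => /lib/libc.so.6 (0x40130000)'
}

# Constructed sample: no OpenSSL libraries in the dependency list.
sample_no_openssl() {
    printf '\t%s\n' \
        'libdl.so.2 => /lib/libdl.so.2 (0x40020000)' \
        'libc.so.6 => /lib/libc.so.6 (0x40030000)'
}
```

A `dynamic` result owned by the updated openssl package matches the "red herring" case described in the reply; `none` means the `ldd` check does not confirm it and the module needs a closer look.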
    
