Re: OpenSSH affected by recent OpenSSL security problems?
From: Nico Kadel-Garcia (nkadel@verizon.net)
Date: 03/24/03
- In reply to: Dimitri Maziuk: "Re: OpenSSH affected by recent OpenSSL security problems?"
From: Nico Kadel-Garcia <nkadel@verizon.net> Date: Mon, 24 Mar 2003 03:19:09 GMT
Dimitri Maziuk wrote:
> Nico Kadel-Garcia sez:
>
>>Dimitri Maziuk wrote:
>>
>>>Neil W Rickert sez:
>>
> ....
>
>>>>If you are using dynamic openssl libraries, then you should only
>>>>need to rebuild those without recompiling openssh.
>>>
>>>
>>>That's what I thought. And then I found out that libcrypto's soname
>>>is 0.9.7 (old one had 0.9.6). So you can't upgrade from 0.9.6x to
>>>0.9.7y without rebuilding openssh and everything else linked with
>>>openssl's so's.
>>
>>Yes, you can. You have to build a spare set of compatibility libraries
>>for old software you're not ready to replace: take a look at the RedHat
>>RPM's for how such things can be done.
>
>
> Right. You're applying a security patch and then do all those things
> to leave your daemons unpatched.
Not at all. You patch the old ones, keep them around, and install new
ones so that new compilation and development automatically occurs with
the new libraries. It's useful if you lack time and resources to
regression test all old packages. RedHat used this trick to publish
"compat-glibc" packages to allow binaries compiled with older glibc
versions to continue to operate without recompilation: it buys time to
implement the upgrades.
> And, please, CC: to me when you're replying to usenet -- I really
> need more stuff in my mailbox.
Different strokes for different folks. Set the "Reply-To:" if you don't
want the occasional CC.
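
The compatibility-library approach discussed in this thread depends on the soname each binary records at link time. As an added example (not part of the original message), the shell functions below read `readelf -d` output and report whether a binary is bound to the old OpenSSL series, and therefore depends on the compat library being the patched build. The function names and the sample dynamic-section lines are constructed for illustration; the 0.9.6/0.9.7 soname suffixes follow the thread.

```shell
#!/bin/sh
# Constructed sample: `readelf -d` lines for a hypothetical sshd linked
# against the old OpenSSL series (soname suffix taken from the thread).
sample_dynamic() {
cat <<'EOF'
 0x00000001 (NEEDED)  Shared library: [libutil.so.1]
 0x00000001 (NEEDED)  Shared library: [libz.so.1]
 0x00000001 (NEEDED)  Shared library: [libcrypto.so.0.9.6]
 0x00000001 (NEEDED)  Shared library: [libc.so.6]
EOF
}

# Read `readelf -d` output on stdin and print only the OpenSSL sonames
# (libcrypto / libssl) that the binary lists as NEEDED.
openssl_sonames() {
    sed -n 's/.*(NEEDED).*\[\(lib[a-z]*\.so[^]]*\)\].*/\1/p' |
        grep -E '^lib(crypto|ssl)\.so' || true
}

# $1 = label for the binary, $2 = soname suffix of the old series (e.g. 0.9.6).
# Prints "<label> <soname> compat" when the binary still loads the old series,
# "<label> <soname> current" otherwise.
report_binding() {
    label=$1
    old=$2
    openssl_sonames | while read -r so; do
        case $so in
            *.so."$old") echo "$label $so compat" ;;
            *)           echo "$label $so current" ;;
        esac
    done
}

# Stand-alone run on the constructed sample. On a real system:
#   readelf -d /usr/sbin/sshd | report_binding sshd 0.9.6
sample_dynamic | report_binding sshd 0.9.6
```

Every binary reported as `compat` keeps loading the old-series library at run time, so it is only fixed if that compat library was itself rebuilt with the security patch.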