Holes found in OpenSSL...

Mark Street jet at sonic.net
Tue Jul 30 10:19:28 PDT 2002


Red Hat and Debian already have a fix out.  RPMs and debs ... hit your
local nblug mirror...

On Tue, 30 Jul 2002, ME wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello LUG members,
>
> Posts have been made to Bugtraq about multiple holes found in OpenSSL that
> could lead to remote exploits and root access. Projects compiled with
> OpenSSL (mod_ssl, Apache_ssl, openssh, etc) are suggested for upgrades to
> new ones. Since OpenSSL is a library, other packages that include code
> from OpenSSL may need to be recompiled after you have recompiled and
> installed OpenSSL.
>
> Reference / citation:
> http://online.securityfocus.com/archive/1/285022/2002-07-27/2002-08-02/0
>
> If you have only used pre-packaged binaries from your favorite Linux
> Distro, you can do one of several things:
> 1) Wait for your vendor to release new packages. (Some vendors have
> notices on upgrading packages.)
> 2) Ditch your local installs and build your own services (lots of work)
> 3) Do nothing (bad idea)
>
> If you build your own stuff, then you will want to get your own
> copies of OpenSSL. The http://www.openssl.org/ website is really busy and
> has been up/down for a while. I found the dl paths for the two latest
> files. Find a mirror, or use wget (or similar) and point it to one of
> these URLs:
>
> http://www.openssl.org/source/openssl-0.9.6e.tar.gz
> http://www.openssl.org/source/openssl-0.9.7-beta3.tar.gz
>
> So, watch for updates from your vendor and/or build your own libs and
> applications that use those libs.
>
> Enjoy,
>
> - -ME
>
> - -----BEGIN GEEK CODE BLOCK-----
> Version: 3.12
> GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++
> L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ PGP++
> t at -(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
> - ------END GEEK CODE BLOCK------
> decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
>      Systems Department Operating Systems Analyst for the SSU Library
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
>
> iD8DBQE9RsXSnX6uIwdKgeYRAr79AKCRq47Rj9KKaJI7uohwpiNhzQjAiwCeO08Q
> smUhl6jh/k0De3kbAHhojOY=
> =odWk
> -----END PGP SIGNATURE-----
>
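
The quoted message notes that packages which include OpenSSL code may need a rebuild after the library is upgraded. The following is an added example, not part of either post: it scans file contents for the version banner that OpenSSL-derived code carries and flags anything older than the releases named above. The function names and the sample data are assumptions made for illustration; a dynamically linked program will show no banner of its own, so point it at the shared libssl/libcrypto files as well as at suspected static binaries.

```python
import re
import sys

# Baselines named in the message above: 0.9.6e, and beta3 on the 0.9.7 branch.
FIXED_096 = (0, 9, 6, "e")
FIXED_097_BETA = 3

# Code built from OpenSSL carries a banner such as "OpenSSL 0.9.6b" in the binary.
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]?)(?:-beta(\d+))?")

def embedded_versions(blob):
    """Return the set of (major, minor, fix, letter, beta) banners in blob; beta 0 = release."""
    return {(int(m[1]), int(m[2]), int(m[3]), m[4].decode(), int(m[5] or 0))
            for m in BANNER.finditer(blob)}

def predates_fix(version):
    """True if the banner is older than the releases the message points to."""
    major, minor, fix, letter, beta = version
    if (major, minor, fix) == (0, 9, 7) and beta:
        return beta < FIXED_097_BETA
    # Letters order patch releases: 0.9.6 < 0.9.6a < ... < 0.9.6e.
    return (major, minor, fix, letter) < FIXED_096

def audit(files):
    """files maps a name to its bytes; return names embedding a pre-fix OpenSSL."""
    return sorted(name for name, blob in files.items()
                  if any(predates_fix(v) for v in embedded_versions(blob)))

# Constructed sample inputs (not real binaries).
SAMPLE = {
    "sshd-static": b"\x7fELF\x00OpenSSL 0.9.6b [engine]\x00",
    "httpd-rebuilt": b"\x7fELF\x00mod_ssl\x00OpenSSL 0.9.6e\x00",
    "beta-tool": b"\x7fELF\x00OpenSSL 0.9.7-beta2\x00",
    "ls": b"\x7fELF\x00no TLS code here\x00",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        files = {}
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                files[path] = fh.read()
    else:
        files = SAMPLE
    for name in audit(files):
        print("rebuild or replace:", name)
```

Vendor packages often carry backported fixes under an unchanged version banner, so a hit on a distribution-supplied file should be checked against the package changelog rather than treated as conclusive.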


