> [Please upgrade OpenSSL on all platforms -- Raju] >
[...]
Who is affected? ----------------
All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay are affected.
Any application that makes use of OpenSSL's ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.
Recommendations ---------------
Upgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications statically linked to OpenSSL libraries.
There I go recompiling apache again!!!!! Just did that yesterday!!!!! :(((((
BTW, mod_ssl is unlikely to use static linking? So can I just recompile and hope that the ssl applications after restarting wont notice?
- Sandip
-- Sandip Bhattacharya http://www.sandipb.net sandip at puroga.com Puroga Technologies Pvt. Ltd. http://www.puroga.com
_______________________________________________ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
