[Full-Disclosure] OpenSSL - dynamically linked binaries?
janus at volny.cz
Mon Mar 22 09:27:12 GMT 2004
I have upgraded my servers to latest OpenSSL version (0.9.7d) and
restarted all daemons linked to it. Still, I'm a bit confused about what
else should I recompile.
I have checked apache mod_ssl and php module, which are both dynamically
linked to the libssl.so.0.9.7. The thing, that confuses me lot is, when I
look on the phpinfo(), it says "OpenSSL version 0.9.7c", which it
was compiled against.
Does this mean, that I'm still vulnerable, or it is just version
hardcoded to the binary, while the library itself was sucessfully
What should be recompiled when there is new OpenSSL version issued?
Have a nice day,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040322/b9585023/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.