l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
August 5: Social gathering
Next Installfest:
TBD
Latest News:
Jul. 4: July, August and September: Security, Photography and Programming for Kids
Page last updated:
2002 Jul 30 16:48

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox] Holes found in OpenSSL...
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox] Holes found in OpenSSL...



Hello LUG members,

Posts have been made to Bugtraq about multiple holes found in OpenSSL that
could lead to remote exploits and root access. Projects compiled with
OpenSSL (mod_ssl, Apache_ssl, openssh, etc) are suggested for upgrades to
new ones. Since OpenSSL is a library, other packages that include code
from OpenSSL may need to be recompiled after you have recompiled and
installed OpenSSL.

Reference / citation:
http://online.securityfocus.com/archive/1/285022/2002-07-27/2002-08-02/0

If you have only used pre-packaged binaries from your favorite Linux
Dirstro, you can do one of several things:
1) Wait for your vendor to release new packages. (Some vendors have
notices on upgrading packages.)
2) Ditch your local installs and build your own services (lots of work)
3) Do nothing (bad idea)

If you are a build your own stuff, then you will want to get your own
copies of OpenSSL. The http://www.openssl.org/ website is really busy and
has been up/down for a while. I found the dl paths for the two latest
files. Find a mirror, or use wget (or similar) and point it to one of
these URLs:

http://www.openssl.org/source/openssl-0.9.6e.tar.gz
http://www.openssl.org/source/openssl-0.9.7-beta3.tar.gz

So, watch for updates from your vendor and/or build your own libs and
applictions that use those libs.

Enjoy,

-ME

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++ 
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ PGP++
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
     Systems Department Operating Systems Analyst for the SSU Library



----- End forwarded message -----

-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++ 
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ PGP++
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
     Systems Department Operating Systems Analyst for the SSU Library

Attachment: pgp00009.pgp
Description: PGP signature



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.