On Tue, 2002-07-30 at 21:05, Gerald Waugh wrote: > On Tue, 30 Jul 2002, Paul Jacobs wrote: > > > > Are you sure about that gerald? > > > YES
Strictly speking, everything statically linked against openssl libraries needs to be replaced. On a typical Cobalt appliance, this includes Apache and OpenSSH. Thanks to the nice guys from Netherlands, we already have replacement OpenSSH. With Apache, I'm afraid we'll have to wait for Sun to come up with update (or compile it ourselves). If you have applications linked dynamically against openssl libraries, you need to replace the openssl shared libraries, and can leave said applications untouched. Eugene _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
