Fyi, I got a response from Sun on patches for the OpenSSL vulnerability (and a vague availability time).
jk -- Jonah Keough Net Admin -----Original Message----- From: Brent Paulson Sent: Thursday, August 01, 2002 9:12 AM Subject: Re: Cobalt RaQs, Apache/OpenSSL patches The Sun Cobalt group are currently working on patches for the issues described above. All Sun Cobalt platforms are affected. A SunAlert is being authored to describe the issues, platforms affected, and the resolution description. Its difficult to predict with accuracy patch dates, but they will most likely become available in another week or so. The SunAlert will be published on SunSolve (http://www.sunsolve.com). We aren't setup to provide continued updates, as that is more of a Sun Service role. Hope this helps. Best regards, Brent Paulson [EMAIL PROTECTED] -----Original Message----- From: Eugene Crosser [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 11:26 AM To: [EMAIL PROTECTED] Subject: Re: [cobalt-security] new openssl vulnerabilities Strictly speking, everything statically linked against openssl libraries needs to be replaced. On a typical Cobalt appliance, this includes Apache and OpenSSH. Thanks to the nice guys from Netherlands, we already have replacement OpenSSH. With Apache, I'm afraid we'll have to wait for Sun to come up with update (or compile it ourselves). If you have applications linked dynamically against openssl libraries, you need to replace the openssl shared libraries, and can leave said applications untouched. Eugene _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
