On Fri, 2002-08-02 at 01:52, davidblack wrote: > "Eugene Crosser" <[EMAIL PROTECTED]> wrote .. > > > > > How can I tell - which applications are running openssl shared > > libraries? > > > > > > > > If you don't know about them, the chances are that you don't have any. > > > > If you did not install openssl from rpm or from the source, you > > definitely > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > > don't have any. > > ^^^^^^^^^^^^^^^ > > > > > > > > If you, for example, compiled stunnel or SSL IMAPd, you might have > > > > made then dynamically linked. > > > > > > > > > Thanks for the reply. > > > I installed OpenSSH from PkgMaster.com, but I can't recall > > > which other apps I might have installed, from RPM or source. > > > Is there any way to tell, if anything is using the shared libs? > > > > See above. If you are still not sure, look if you have openssl shared > > libs > > at all. If you don't, then there cannot be applications dynamically linked > > against them 8-O Run "locate libssl" and see if there is any output. > > > > Eugene > > > Apparently, I do have the shared libs. Now what? > > [root /root]# locate libssl > /lib/libssl.so.0.9.6b > /lib/libssl.so.2 > /usr/lib/apache/libssl.so > /usr/local/ssl/lib/libssl.a > /usr/local/openssl-0.9.6b/libssl.a > [root /root]#
The fact that you have /usr/local/openssl-0.9.6b directory suggests that you compiled the thing from source. Grab 0.9.6e, build and install it. Since it was not installed from rpm, there is no way to find which programs may use it other than recall which ones you compiled yourself. Check if any of them are statically linked against openssl, and rebuild. Just for case, check if you installed openssl from rpm, run this command: rpm -qa|grep openssl If the only thing you see is "apache-openssl-1.3.20-RaQ4_1C3" then you did not. If you see something like this: openssl-perl-0.9.6b-XX openssl-0.9.6b-XX openssl-devel-0.9.6b-XX then you did. It is my undestanding that the vulnerability was fixed in the version with 'XX' = '24'. Grab and install appropriate rpms. Eugene _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
