had to recompile both php and apache to get the updated linkage...
--Jon
Honza Vlach wrote:
Hello, I have upgraded my servers to latest OpenSSL version (0.9.7d) and restarted all daemons linked to it. Still, I'm a bit confused about what else should I recompile.
I have checked apache mod_ssl and php module, which are both dynamically
linked to the libssl.so.0.9.7. The thing, that confuses me lot is, when I
look on the phpinfo(), it says "OpenSSL version 0.9.7c", which it
was compiled against.
Does this mean, that I'm still vulnerable, or it is just version hardcoded to the binary, while the library itself was sucessfully reloaded?
What should be recompiled when there is new OpenSSL version issued?
Have a nice day, Honza Vlach
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
