Re: OpenSSL patches for other versions

2002-07-31 Thread Richard Levitte - VMS Whacker
In message <00ef01c2388a$0ecaa8c0$390110ac@kovaiteam> on Wed, 31 Jul 2002 17:29:32 +0530, "kumar" <[EMAIL PROTECTED]> said:
kumaresh_ind> Hello all,
kumaresh_ind> I am using OpenSSH with OpenSSL(0.9.6d)
kumaresh_ind> What is the impact of this OpenSSL vulnerability in openssh?
kumaresh_ind> Anyo

Re: OpenSSL patches for other versions

2002-07-31 Thread kumar
Hello all, I am using OpenSSH with OpenSSL(0.9.6d) What is the impact of this OpenSSL vulnerability in openssh? Anyone have answers. Please share. Thanks kumaresh. __ OpenSSL Project http://www.open

Re: OpenSSL patches for other versions

2002-07-31 Thread Lutz Jaenicke
On Tue, Jul 30, 2002 at 10:49:19AM -0700, Kim, Peter wrote:
> Will there be a patch for even older version such as 0.9.3?
No. 0.9.3 is completely outdated and we don't see any sense in spending time to backport to these versions.
Best regards, Lutz
-- Lutz Jaenicke

Re: OpenSSL patches for other versions

2002-07-30 Thread Vincent Danen
On Tue Jul 30, 2002 at 02:42:12PM -0300, Ademar de Souza Reis Jr. wrote:
> On Tue, Jul 30, 2002 at 11:15:00AM +0100, Ben Laurie wrote:
> > Enclosed are patches for today's OpenSSL security alert which apply to
> > other versions. The patch for 0.9.7 is supplied by Ben Laurie
> > <[EMAIL PROTECTED

RE: OpenSSL patches for other versions

2002-07-30 Thread Kim, Peter
Will there be a patch for even older version such as 0.9.3? Thanks. Peter K.
> -Original Message-
> From: Ben Laurie [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 30, 2002 3:15 AM
> To: OpenSSL Announce; Bugtraq; OpenSSL Dev; [EMAIL PROTECTED]
> Subject: OpenSSL pa

Re: OpenSSL patches for other versions

2002-07-30 Thread Ademar de Souza Reis Jr.
On Tue, Jul 30, 2002 at 11:15:00AM +0100, Ben Laurie wrote:
> Enclosed are patches for today's OpenSSL security alert which apply to
> other versions. The patch for 0.9.7 is supplied by Ben Laurie
> <[EMAIL PROTECTED]> and the remainder by Vincent Danen (email not
> supplied).
>
> Patches are for

Re: OpenSSL patches for other versions

2002-07-30 Thread mlafon
I've looked at the differences between the 0.9.5a and the official patch and I found that the following portion of asn1_lib.c patch is not in 0.9.5a one although the code is already in 0.9.5a source code. Do you have an explanation? Please cc me for any reply, I'm not subscribed to openssl-dev

Re: OpenSSL patches for other versions

2002-07-30 Thread Rich Salz
> the new patches that fix various buffer overflows in SSL code call abort()
> anytime attacker wants.
Sorry, I should read all my email first. You're right, of course.

Re: OpenSSL patches for other versions

2002-07-30 Thread Bodo Moeller
On Tue, Jul 30, 2002 at 03:50:17PM +0300, Arne Ansper wrote:
>> These patches are known to apply correctly but have not been
>> thoroughly tested.
> As I understand it, OpenSSL will call abort() when it detects attack
> against any hole in SSL.
Not quite. The attacks against known holes are sh

Re: OpenSSL patches for other versions

2002-07-30 Thread Jeffrey Altman
> > As I understand it, OpenSSL will call abort() when it detects attack
> > against any hole in SSL.
>
> Unh, no. The only time it calls abort is with -DREF_CHECK, and if a
> reference count is less than zero, which is a "can't happen" condition.
> /r$
>
Or when the new OpenSSLDie() is

Re: OpenSSL patches for other versions

2002-07-30 Thread Rich Salz
> As I understand it, OpenSSL will call abort() when it detects attack
> against any hole in SSL.
Unh, no. The only time it calls abort is with -DREF_CHECK, and if a reference count is less than zero, which is a "can't happen" condition.
/r$

Re: OpenSSL patches for other versions

2002-07-30 Thread Arne Ansper
> > As I understand it, OpenSSL will call abort() when it detects attack
> > against any hole in SSL.
>
> Unh, no. The only time it calls abort is with -DREF_CHECK, and if a
> reference count is less than zero, which is a "can't happen" condition.
the new patches that fix various buffer overfl

Re: OpenSSL patches for other versions

2002-07-30 Thread Jeffrey Altman
> > These patches are known to apply correctly but have not been
> > thoroughly tested.
>
> As I understand it, OpenSSL will call abort() when it detects attack
> against any hole in SSL. It might be acceptable for process-per-connection
> situations like Apache, but when one process serves

Re: OpenSSL patches for other versions

2002-07-30 Thread Arne Ansper
> These patches are known to apply correctly but have not been
> thoroughly tested.
As I understand it, OpenSSL will call abort() when it detects attack against any hole in SSL. It might be acceptable for process-per-connection situations like Apache, but when one process serves many connection

OpenSSL patches for other versions

2002-07-30 Thread Ben Laurie
Enclosed are patches for today's OpenSSL security alert which apply to other versions. The patch for 0.9.7 is supplied by Ben Laurie <[EMAIL PROTECTED]> and the remainder by Vincent Danen (email not supplied). Patches are for 0.9.5a, 0.9.6 (use 0.9.6b patch), 0.9.6b, 0.9.6c, 0.9.7-dev. These pat