Re: OpenSSL patches for other versions

2002-07-31 Thread Vincent Danen
On Tue Jul 30, 2002 at 02:42:12PM -0300, Ademar de Souza Reis Jr. wrote: On Tue, Jul 30, 2002 at 11:15:00AM +0100, Ben Laurie wrote: Enclosed are patches for today's OpenSSL security alert which apply to other versions. The patch for 0.9.7 is supplied by Ben Laurie [EMAIL PROTECTED] and

Re: OpenSSL patches for other versions

2002-07-31 Thread Lutz Jaenicke
On Tue, Jul 30, 2002 at 10:49:19AM -0700, Kim, Peter wrote: Will there be a patch for even older version such as 0.9.3? No. 0.9.3 is completely outdated and we don't see any sense in spending time to backport to these versions. Best regards, Lutz -- Lutz Jaenicke

Re: OpenSSL patches for other versions

2002-07-31 Thread kumar
Hello all, I am using OpenSSH with OpenSSL (0.9.6d). What is the impact of this OpenSSL vulnerability in OpenSSH? Anyone have answers? Please share. Thanks, kumaresh.

Re: OpenSSL patches for other versions

2002-07-31 Thread Richard Levitte - VMS Whacker
In message 00ef01c2388a$0ecaa8c0$390110ac@kovaiteam on Wed, 31 Jul 2002 17:29:32 +0530, kumar [EMAIL PROTECTED] said:
kumaresh_ind> Hello all,
kumaresh_ind> I am using OpenSSH with OpenSSL(0.9.6d)
kumaresh_ind> What is the impact of this OpenSSL vulnerability in openssh?
kumaresh_ind> Anyone have

Re: OpenSSL patches for other versions

2002-07-30 Thread Arne Ansper
These patches are known to apply correctly but have not been thoroughly tested. As I understand it, OpenSSL will call abort() when it detects attack against any hole in SSL. It might be acceptable for process-per-connection situations like Apache, but when one process serves many connections

Re: OpenSSL patches for other versions

2002-07-30 Thread Jeffrey Altman
These patches are known to apply correctly but have not been thoroughly tested. As I understand it, OpenSSL will call abort() when it detects attack against any hole in SSL. It might be acceptable for process-per-connection situations like Apache, but when one process serves many

Re: OpenSSL patches for other versions

2002-07-30 Thread Arne Ansper
As I understand it, OpenSSL will call abort() when it detects attack against any hole in SSL. Unh, no. The only time it calls abort is with -DREF_CHECK, and if a reference count is less than zero, which is a can't happen condition. the new patches that fix various buffer overflows in

Re: OpenSSL patches for other versions

2002-07-30 Thread Rich Salz
As I understand it, OpenSSL will call abort() when it detects attack against any hole in SSL. Unh, no. The only time it calls abort is with -DREF_CHECK, and if a reference count is less than zero, which is a can't happen condition. /r$

Re: OpenSSL patches for other versions

2002-07-30 Thread Jeffrey Altman
As I understand it, OpenSSL will call abort() when it detects attack against any hole in SSL. Unh, no. The only time it calls abort is with -DREF_CHECK, and if a reference count is less than zero, which is a can't happen condition. /r$ Or when the new OpenSSLDie() is called.

Re: OpenSSL patches for other versions

2002-07-30 Thread Bodo Moeller
On Tue, Jul 30, 2002 at 03:50:17PM +0300, Arne Ansper wrote: These patches are known to apply correctly but have not been thoroughly tested. As I understand it, OpenSSL will call abort() when it detects attack against any hole in SSL. Not quite. The attacks against known holes are

Re: OpenSSL patches for other versions

2002-07-30 Thread Rich Salz
the new patches that fix various buffer overflows in SSL code call abort() anytime attacker wants. Sorry, I should read all my email first. You're right, of course.

Re: OpenSSL patches for other versions

2002-07-30 Thread mlafon
I've looked at the differences between the 0.9.5a and the official patch and I found that the following portion of asn1_lib.c patch is not in 0.9.5a one although the code is already in 0.9.5a source code. Do you have an explanation? Please cc me for any reply, I'm not subscribed to

OpenSSL patches for other versions

2002-07-30 Thread Ben Laurie
Enclosed are patches for today's OpenSSL security alert which apply to other versions. The patch for 0.9.7 is supplied by Ben Laurie [EMAIL PROTECTED] and the remainder by Vincent Danen (email not supplied). Patches are for 0.9.5a, 0.9.6 (use 0.9.6b patch), 0.9.6b, 0.9.6c, 0.9.7-dev. These

RE: OpenSSL patches for other versions

2002-07-30 Thread Kim, Peter
Will there be a patch for even older version such as 0.9.3? Thanks. Peter K. -Original Message- From: Ben Laurie [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 3:15 AM To: OpenSSL Announce; Bugtraq; OpenSSL Dev; [EMAIL PROTECTED] Subject: OpenSSL patches for other versions

Re: OpenSSL patches for other versions

2002-07-30 Thread Ademar de Souza Reis Jr.
On Tue, Jul 30, 2002 at 11:15:00AM +0100, Ben Laurie wrote: Enclosed are patches for today's OpenSSL security alert which apply to other versions. The patch for 0.9.7 is supplied by Ben Laurie [EMAIL PROTECTED] and the remainder by Vincent Danen (email not supplied). Patches are for