Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenSSL Security Update

Posted by michael on from the whoa,-how'd-that-get-in-there dept.

Pseud0 writes "Just announced on the OpenSSL announce mailing list. The affected versions are "[...] OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable." Get your updates here."

2 of 208 comments (clear)

  1. Question by Ender+Ryan · · Score: 3, Interesting
    What is the difference between openssl-engine-0.9.6e.tar.gz and openssl-0.9.6e.tar.gz?

    --
    Sticking feathers up your butt does not make you a chicken - Tyler Durden
  2. Upgrading SSL is nothing like upgrading SSH by tzanger · · Score: 5, Interesting

    I have 18 firewalls to update (I sell these and support them, it's a nice way to suppliment my income). I'm not having much luck updating them though.

    So far (on 5/7 firewalls), updating the ssl libraries caused ssh to kick out. This is very much unlike upgrading ssh, where the currently running sessions would stay active and you just kill off the 'parent' sshd process and restart sshd to upgrade.

    Does anyone know why upgrading the shared lib is kicking out running sessions of ssh linked against it? Short of compiling sshd statically, is there any way around this? So far all the boxes are local but I have a few that are quite a distance and short of enabling telnet with a throwaway root account or statically compiling a temporary sshd, I'm screwed. :-)