Re: latest openssl vulnerability
Jacques A. Vidrine wrote:
> On Thu, Mar 18, 2004 at 11:17:27PM +0300, Andrew L. Neporada wrote:
>
>>Is it true that (dynamic) binaries are vulnerable if and only if they are
>>linked with libssl.so.3, not with libcrypt or libcrypto?
>
>
> Yes, the bug is in libssl.
No, the libssl library might as well be compiled in statically into an
otherwise dynamic binary. So, if a dynamic binary is not linked with
libssl.so.*, it isn't a reliable indicator of a vulnerability.
--
Lev Walkin
vlm@netli.com
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 3 之 5 篇):