[LON-CAPA-admin] Re: [LON-CAPA-dev] Fwd: [suse-security-announce] OpenSSH Vulnerability
Martin Siegert
siegert at sfu.ca
Wed Jul 3 17:15:27 EDT 2002
Hi Guy,
On Wed, Jul 03, 2002 at 05:00:41PM -0400, Guy Albertelli II wrote:
> Hi Matin,
>
> > Thus it seems that apache does not even use openssl?? I did not know this.
>
> Looks like it is just another broken depends in RedHat:
> # ldd /usr/sbin/httpd
> libm.so.6 => /lib/libm.so.6 (0x40018000)
> libcrypt.so.1 => /lib/libcrypt.so.1 (0x40035000)
> libdb.so.3 => /lib/libdb.so.3 (0x40062000)
> libdl.so.2 => /lib/libdl.so.2 (0x4009c000)
> libc.so.6 => /lib/libc.so.6 (0x400a0000)
> /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
No, I don't think so - although it is confusing that RedHat has actually
two versions of libcrypto on their systems:
- one in /lib which belongs to the glibc rpm
- one in /usr/lib which belongs to openssl
Thus none of the libraries listed by "ldd /usr/sbin/httpd" actually
are from the openssl rpm.
>
> Of course in never complained about the later version of openssl
And apache probably shouldn't - although I wonder why other rpms did not
complain ...
Anyway, it is good to know that we can upgrade openssl and/or apache
without worrying about one or the other.
Cheers,
Martin
More information about the LON-CAPA-admin
mailing list