[LON-CAPA-admin] Re: [LON-CAPA-dev] Fwd: [suse-security-announce] OpenSSH Vulnerability

Martin Siegert siegert at sfu.ca
Wed Jul 3 17:15:27 EDT 2002

Hi Guy,

On Wed, Jul 03, 2002 at 05:00:41PM -0400, Guy Albertelli II wrote:
> Hi Matin,
> > Thus it seems that apache does not even use openssl?? I did not know this.
> Looks like it is just another broken depends in RedHat:
> # ldd /usr/sbin/httpd
>         libm.so.6 => /lib/libm.so.6 (0x40018000)
>         libcrypt.so.1 => /lib/libcrypt.so.1 (0x40035000)
>         libdb.so.3 => /lib/libdb.so.3 (0x40062000)
>         libdl.so.2 => /lib/libdl.so.2 (0x4009c000)
>         libc.so.6 => /lib/libc.so.6 (0x400a0000)
>         /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

No, I don't think so - although it is confusing that RedHat has actually
two versions of libcrypto on their systems:

- one in /lib which belongs to the glibc rpm
- one in /usr/lib which belongs to openssl

Thus none of the libraries listed by "ldd /usr/sbin/httpd" actually
are from the openssl rpm.
> Of course in never complained about the later version of openssl

And apache probably shouldn't - although I wonder why other rpms did not
complain ...
Anyway, it is good to know that we can upgrade openssl and/or apache
without worrying about one or the other.


More information about the LON-CAPA-admin mailing list