Re: 288-1: openssl and stunnel

To: debian-security@lists.debian.org
Subject: Re: 288-1: openssl and stunnel
From: Andreas Barth <aba-debian@not.so.argh.org>
Date: Sat, 19 Apr 2003 19:08:25 +0200
Message-id: <[🔎] 20030419170825.GA600@mails.so.argh.org>
In-reply-to: <[🔎] 3E9EF2EA.4050900@gmx.net>
References: <[🔎] 3E9EF2EA.4050900@gmx.net>

* Arthur van Dorp (arthur_vd@gmx.net) [030417 21:20]:
> Todays security advisory about openssl speaks about possibly breaking
> existing applications:

> >Unfortunately, RSA blinding is not thread-safe and will cause failures
> >for programs that use threads and OpenSSL such as stunnel.  However,
> >since the proposed fix would change the binary interface (ABI),
> >programs that are dynamically linked against OpenSSL won't run
> >anymore.  This is a dilemma we can't solve.
 
> As I use stunnel I wonder what these problems might be. I've updated my
> testing machine which is set up similar to my production server and
> didn't find a problem yet. But my testing possibilities are limited on
> this machine.

I also don't have a problem with stunnel (standard woody) and the
upgraded OpenSSL libs.


Andi
-- 
   http://home.arcor.de/andreas-barth/
   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C
   Fachbegriffe des Schienenverkehrs #1         von Marc Haber in dasr
   Alles wird billiger: 50 % Preiserhöhung für Stammkunden.

Reply to:

References:
- 288-1: openssl and stunnel
  - From: Arthur van Dorp <arthur_vd@gmx.net>

Prev by Date: Interesting iptables
Next by Date: chkrootkit output questions
Previous by thread: 288-1: openssl and stunnel
Next by thread: Re: 288-1: openssl and stunnel
Index(es):
- Date
- Thread