[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSL update.. still giving me a Vulnerable status

> >> No, it checks a large and a small overflow. Jeroen, have you restarted
> >> the httpd? If not, it is still running with the old library.
> > I shut the whole apache down (both http and http-ssl).
> Oh, in this case, I am really interested in the data Lupe suggested to
> collect.  There might be a false positive here.  However, a clean
> woody installation results in the expected answer (even if Apache-SSL
> is used), so this is really worth close inspection.
> So far I've seen two other reports of such an inconsistency.  The
> first one could be tracked down to a self-compiled Apache running on
> the machine, the second one is still open.
The following was happening :

1) the packages where the right version (dpkg reported them correct
2) but the libs of the ssl packages where from the wrong version.
3) I did an apt-get dist-upgrade   (again, even do I already had done that).
4) And there it went, catching the same ssl packages that he already
5) I restarted apache / ssl  just to be sure.
6) When checking the libs they were the correct version, when running the
     program he gave the correct answere.

So to analyse what could have been wrong..... is that dpkg might have
everything went ok for installation but it didn't....

But it is working correct, so I am a  happy man !!

Thanks for all the help,

Jeroen de Leeuw den Bouter
the world downunder.. but still on top.

Net Ventures... the mayor league for internet broadcasts.

Reply to: