
Re: [SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability

On Mon, Feb 24, 2003 at 07:41:20PM -0500, Raymond Wood wrote:

> > For the unstable distribution (sid) this problem has been fixed in
> > version 0.9.7a-1.
> > 
> > We recommend that you upgrade your openssl packages.
> [snip]
> On sid/unstable, I have installed all the recommended patches,
> including installing libssl0.9.7 (version 0.9.7a-1).
> I notice, however, that the old version i.e.
>   ii  libssl0.9.6      0.9.6i-1         SSL shared libraries (old version)
> is still installed.  Furthermore there are a large number of
> installed software packages that show dependencies on the old
> version of libssl.
> Am I (potentially) vulnerable by virtue of having the old version
> above still installed on my system?

Read /usr/share/doc/libssl0.9.6/changelog.Debian.gz.

 - mdz
