Re: [SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
On Mon, Feb 24, 2003 at 07:41:20PM -0500, Raymond Wood wrote:
> > For the unstable distribution (sid) this problem has been fixed in
> > version 0.9.7a-1.
> >
> > We recommend that you upgrade your openssl packages.
> [snip]
>
> On sid/unstable, I have installed all the recommended patches,
> including installing libssl0.9.7 (version 0.9.7a-1).
>
> I notice, however, that the old version i.e.
> ii libssl0.9.6 0.9.6i-1 SSL shared libraries (old version)
> is still installed. Furthermore there are a large number of
> installed software packages that show dependencies on the old
> version of libssl.
>
> Am I (potentially) vulnerable by virtue of having the old version
> above still installed on my system?
Read /usr/share/doc/libssl0.9.6/changelog.Debian.gz.
--
- mdz