Re: 288-1: openssl and stunnel
* Arthur van Dorp (arthur_vd@gmx.net) [030417 21:20]:
> Todays security advisory about openssl speaks about possibly breaking
> existing applications:
> >Unfortunately, RSA blinding is not thread-safe and will cause failures
> >for programs that use threads and OpenSSL such as stunnel. However,
> >since the proposed fix would change the binary interface (ABI),
> >programs that are dynamically linked against OpenSSL won't run
> >anymore. This is a dilemma we can't solve.
> As I use stunnel I wonder what these problems might be. I've updated my
> testing machine which is set up similar to my production server and
> didn't find a problem yet. But my testing possibilities are limited on
> this machine.
I also don't have a problem with stunnel (standard woody) and the
upgraded OpenSSL libs.
Andi
--
http://home.arcor.de/andreas-barth/
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C
Fachbegriffe des Schienenverkehrs #1 von Marc Haber in dasr
Alles wird billiger: 50 % Preiserhöhung für Stammkunden.
Reply to: