
288-1: openssl and stunnel

Today's security advisory about openssl speaks about possibly breaking existing applications:

Unfortunately, RSA blinding is not thread-safe and will cause failures
for programs that use threads and OpenSSL such as stunnel.  However,
since the proposed fix would change the binary interface (ABI),
programs that are dynamically linked against OpenSSL won't run
anymore.  This is a dilemma we can't solve.

As I use stunnel, I wonder what these problems might be. I've updated my testing machine, which is set up similarly to my production server, and haven't found a problem yet. But my testing possibilities are limited on this machine.

I haven't seen any warnings about breaking other applications in the advisories of SuSE, Mandrake and RedHat. Don't they tell people about the possible issues of this update or did they do something differently?


