288-1: openssl and stunnel
Todays security advisory about openssl speaks about possibly breaking
Unfortunately, RSA blinding is not thread-safe and will cause failures
for programs that use threads and OpenSSL such as stunnel. However,
since the proposed fix would change the binary interface (ABI),
programs that are dynamically linked against OpenSSL won't run
anymore. This is a dilemma we can't solve.
As I use stunnel I wonder what these problems might be. I've updated my
testing machine which is set up similar to my production server and
didn't find a problem yet. But my testing possibilities are limited on
I haven't seen any warnings about breaking other applications in the
advisories of SuSE, Mandrake and RedHat. Don't they tell people about
the possible issues of this update or did they do something differently?