Andreas Haumer wrote:
I just tried to upgrade from openssl-0.9.7g to 0.9.7h
and noticed that my openssh-4.2p1 server and clients now
crash with segfault with the new openssl shared library!
I tested this on two installations and both had this problem.
Re-compiling the openssh sources against the new openssl
library headers seems to cure the problem, but still this
is an unfortunate situation as a lot of other packages
depend on the openssl libraries. I don't want to risk
system stability by installing security updates... ;-)
I did a quick test with some other major packages (squid,
sendmail, bind, apache, cyrus-imapd), but only openssh
seems to be affected so far.
This is under linux with glibc-2.3.5
What distribution of Linux are you using? openssl is one of those
packages you might not want to replace if you want to stay in sync with
your distribution's security/bugfix updates. In many cases, you should
ignore the version of a package because the maintainers will backport
security fixes without updating the version string. This is very common
with openssl.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
