[Pkg-openssl-devel] Re: [jaenicke@openssl.org: Re: Potential
security hole in openssl]
Julian Gilbey
jdg at polya.uklinux.net
Fri Mar 2 08:42:59 CET 2007
On Fri, Mar 02, 2007 at 12:56:32AM +0100, Bodo Moeller wrote:
> Can you link the application with libefence.a? If done correctly,
> this will make it a lot slower; but more importantly, quite possibly
> you'll observe a segmentation fault earlier in the program flow:
Will try to have a go over the weekend. Some of you will have seen
the email by Kurt Roeckx where he found a bug in proxytunnel; fixing
this fixes the problem. However, it is still unclear to me whether
there is also a bug in openssl which is potentially exploitable.
The patch by Kurt is attached.
Julian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: proxy-tunnel-io.diff
Type: text/x-diff
Size: 330 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20070302/eb76a521/proxy-tunnel-io.bin
More information about the Pkg-openssl-devel
mailing list