Bugtraq mailing list archives
Re: OpenSSL Vulnerabilities
From: troy <fryman () sonic net>
Date: Thu, 1 Aug 2002 23:34:53 -0700
On Wed, Jul 31, 2002 at 09:29:14PM +0000, Tina Bird wrote:
The vendors listed in the CERT advisory on the OpenSSL vulnerabilities are all producing server-side software:

http://www.cert.org/advisories/CA-2002-23.html

Does anyone know if Netscape, Opera, Internet Explorer or any of the other browsers are vulnerable to these issues?
This from a post by Opera developer Espen Sand on news://opera.linux :
From: Espen Sand <espen () opera com>
Newsgroups: opera.linux
Subject: Re: openssl bug also in Opera?
Date: Wed, 31 Jul 2002 15:37:17 +0200
Message-ID: <3D47E80D.93BA4EE6 () opera com>
References: <3D47BD5D.A2A03F8F () informatik uni-kiel de>

Frank Steiner wrote:
Hi, is Opera affected by the openssl bug that was just announced, or do you use a different SSL implementation?

I asked our security master and here is the reply:

<reply>
The only relevant part for Opera is the ASN1 issue in the second advisory. The other information concerns their SSL implementation, code that we are not using at all.

I have the relevant patches but I do not believe the patches are vital for anything but 64-bit systems. The affected buffers in our code are 16 bytes long, and would in the patched version become 12 bytes long for 32-bit ints/longs and pointers.

These problems will in any case be fixed when I upgrade to the newest OpenSSL 0.9.7 release (presently in beta 3) on main branch.
</reply>

--
Espen Sand espen () opera com
hth -troy