about CVE-2008-5077(vulnerability of OpenSSL)
Hello, I'm making the HTTP proxy server that uses boost::asio. Now, I'm anxious about the impacts by CVE-2008-5077(vulnerability of OpenSSL). http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5077 Does anyone have information on the impacts given to boost::asio? Regards, ---------------------------------------------------------------- Shinya TAKEBAYASHI E-mail : makoto@kanon-net.jp GPG ID : FFD20D1F GPG FP : 7B5B E0FC B785 7457 683C 47D6 5564 DDDD FFD2 0D1F CC FP : 7456 70EE 0A68 BC95 B1FC F78F C6A9 3E0E F798 A218 ----------------------------------------------------------------
On Mon, Jan 19, 2009 at 08:10:13PM +0900, Shinya TAKEBAYASHI wrote:
Now, I'm anxious about the impacts by CVE-2008-5077(vulnerability of OpenSSL).
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5077
Does anyone have information on the impacts given to boost::asio?
This is a generic answer pertining to any kind of 3rd-party library: 1. if you distribute your application in binary form that is _statically_ linked to the library in question, you distribute the vulnerability together with the application. Fix: YOU have to distribute updated binaries. 2. if you distribute your application in in source form OR in binary form that is _dynamically_ linked to the library in question, the library version which is found at the user's machine is used. Fix: the USERS have to make sure that they have patched their libraries before compiling or running the program.
Hello,
Zeljko Vrba
*** Subject: Re: [Boost-users] about CVE-2008-5077(vulnerability of OpenSSL) *** Date: 2009/01/20 3:04:58
On Mon, Jan 19, 2009 at 08:10:13PM +0900, Shinya TAKEBAYASHI wrote:
Now, I'm anxious about the impacts by CVE-2008-5077(vulnerability of OpenSSL).
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5077
Does anyone have information on the impacts given to boost::asio?
This is a generic answer pertining to any kind of 3rd-party library:
Thanks for your valuable advice. I'm using that dynamically linking. I announce to users that updating library is required. Regards, ---------------------------------------------------------------- Shinya TAKEBAYASHI E-mail : makoto@kanon-net.jp GPG ID : FFD20D1F GPG FP : 7B5B E0FC B785 7457 683C 47D6 5564 DDDD FFD2 0D1F ----------------------------------------------------------------
participants (2)
-
Shinya TAKEBAYASHI -
Zeljko Vrba