Jacques A. Vidrine wrote: > On Thu, Mar 18, 2004 at 11:17:27PM +0300, Andrew L. Neporada wrote: > >>Is it true that (dynamic) binaries are vulnerable if and only if they are >>linked with libssl.so.3, not with libcrypt or libcrypto? > > > Yes, the bug is in libssl. No, the libssl library might as well be compiled in statically into an otherwise dynamic binary. So, if a dynamic binary is not linked with libssl.so.*, it isn't a reliable indicator of a vulnerability. -- Lev Walkin vlm@netli.com _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"