php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #26415 OpenSSL 0.9.7b is vulnerable
Submitted: 2003-11-25 20:18 UTC Modified: 2004-03-16 18:43 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: dietrich dot ayala at foundstone dot com Assigned: edink
Status: Closed Package: OpenSSL related
PHP Version: 4.3.4 OS: win32
Private report: No CVE-ID:
 [2003-11-25 20:18 UTC] dietrich dot ayala at foundstone dot com
Description:
------------
the version of openssl shipped w/ php is has known vulnerabilities. php should be updated to the latest version of openssl (0.9.7c).

http://www.openssl.org/news/secadv_20030930.txt

thanks,

dietrich



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-11-27 11:45 UTC] sniper@php.net
Edin, take care.. :)

 [2003-12-03 13:43 UTC] dietrich dot ayala at foundstone dot com
Hi Edin,

Is there any ETA on this? I've tried using the new DLLs but they don't work. Wez said the function signatures may have changed.

Thanks!

Dietrich
 [2004-01-03 18:26 UTC] edink@php.net
Finally, I managed to find some time to upgrade openssl. The version bundled with the snaps and releases from now on is OpenSSL-0.9.7c.
 [2004-03-15 16:17 UTC] dietrich dot ayala at foundstone dot com
the latest 4.3.5 snaps are still using version 0.9.7b.

these vulns are widely known and have been in the field for quite a while. it'd be great to get this updated.

thanks so much for your effort edin!
 [2004-03-15 18:14 UTC] sniper@php.net
Did you really update ALL dlls from the snapshot package?

 [2004-03-16 18:43 UTC] edink@php.net
The version packed with latest snaps is 0.9.7c.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Mon Apr 21 12:02:07 2014 UTC