php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #26415 OpenSSL 0.9.7b is vulnerable
Submitted: 2003-11-25 20:18 UTC Modified: 2004-03-16 18:43 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: dietrich dot ayala at foundstone dot com Assigned: edink (profile)
Status: Closed Package: OpenSSL related
PHP Version: 4.3.4 OS: win32
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2003-11-25 20:18 UTC] dietrich dot ayala at foundstone dot com 
Description:
------------
the version of openssl shipped w/ php is has known vulnerabilities. php should be updated to the latest version of openssl (0.9.7c).

http://www.openssl.org/news/secadv_20030930.txt

thanks,

dietrich

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-11-27 11:45 UTC] sniper@php.net 
Edin, take care.. :)
 [2003-12-03 13:43 UTC] dietrich dot ayala at foundstone dot com 
Hi Edin,

Is there any ETA on this? I've tried using the new DLLs but they don't work. Wez said the function signatures may have changed.

Thanks!

Dietrich
 [2004-01-03 18:26 UTC] edink@php.net 
Finally, I managed to find some time to upgrade openssl. The version bundled with the snaps and releases from now on is OpenSSL-0.9.7c.
 [2004-03-15 16:17 UTC] dietrich dot ayala at foundstone dot com 
the latest 4.3.5 snaps are still using version 0.9.7b.

these vulns are widely known and have been in the field for quite a while. it'd be great to get this updated.

thanks so much for your effort edin!
 [2004-03-15 18:14 UTC] sniper@php.net 
Did you really update ALL dlls from the snapshot package?
 [2004-03-16 18:43 UTC] edink@php.net 
The version packed with latest snaps is 0.9.7c.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Apr 27 08:01:29 2024 UTC