[TCLUG] Worm and openssl

Thu Sep 19 07:13:02 CDT 2002

OK, so I know about the openssl exploit that is out now.  I also know that
I should be running openssl 0.9.6g to fix this problem.

I checked on symantec and redhat's site to see if they have a fix for it,
and I find these articles.

I went to Symantec's site and read about the worm.  Reference
CAN-2002-0656  They say that you should have openssl 0.9.6e or 0.9.6g
installed
http://securityresponse.symantec.com/avcenter/security/Content/2002.09.13.html

So then I went over to Redhat's site, and they have a link about the
slapper worm on their home page.
http://rhn.redhat.com/errata/RHSA-2002-160.html  In the article they again
reference CAN-2002-0656.  (So I know they are talking about the same worm)
 They say that they fixed their versions of openssl back in the end of
July.  And they provide links to the updated fixes.
http://rhn.redhat.com/errata/RHSA-2002-160.html  Redhat's version of
openssl is 0.9.6b (which is the one that I cam currently running

My question or delema... Since I have RedHat's version of openssl (0.9.6b)
and they say its been fixed, do I still update it and use the openssl
0.9.6g from openssl.org's site or not?