On Thu, 2002-09-19 at 06:53, Mike Busse wrote:
> OK, so I know about the openssl exploit that is out now.  I also know that
> I should be running openssl 0.9.6g to fix this problem.
> 
> I checked on Symantec and Redhat's site to see if they have a fix for it,
> and I find these articles.
> 
> I went to Symantec's site and read about the worm.  Reference
> CAN-2002-0656.  They say that you should have openssl 0.9.6e or 0.9.6g
> installed.
> http://securityresponse.symantec.com/avcenter/security/Content/2002.09.13.html
> 
> So then I went over to Redhat's site, and they have a link about the
> slapper worm on their home page.
> http://rhn.redhat.com/errata/RHSA-2002-160.html  In the article they again
> reference CAN-2002-0656.  (So I know they are talking about the same worm)
>  They say that they fixed their versions of openssl back in the end of
> July.  And they provide links to the updated fixes.
> http://rhn.redhat.com/errata/RHSA-2002-160.html  Redhat's version of
> openssl is 0.9.6b (which is the one that I am currently running).
> 
> My question or dilemma... Since I have RedHat's version of openssl (0.9.6b)
> and they say it's been fixed, do I still update it and use the openssl
> 0.9.6g from openssl.org's site or not?

Use RedHat's update. They just took the source patch and applied it to
their own source tree, leaving the version number/letter the same. They
leave the version number the same so as not to break any rpm
dependencies. Mandrake does the same thing.

-- 
Dave Sherman        |     "They that can give up essential liberty
MCSE, MCSA, CCNA    |       to obtain a little temporary safety
                    |       deserve neither liberty nor safety."
                    |        - Benjamin Franklin (1706 - 1790)
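
Because a backported fix leaves the version string at 0.9.6b, the version alone cannot show whether a package is patched; as an added example (not part of the original thread), this script looks for the advisory id in the package changelog instead. It assumes the packager names the id in the changelog; the sample changelog text, its release strings and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: look for evidence of a backported fix in an RPM changelog
# rather than trusting the upstream version string.
# Live use:  rpm -q --changelog openssl | fix_status CAN-2002-0656

# Constructed sample changelog (not real vendor output).
SAMPLE_CHANGELOG='* Mon Jul 29 2002 Example Packager <packager@example.com> 0.9.6b-EXAMPLE2
- backport security fixes for CAN-2002-0656

* Wed Mar 13 2002 Example Packager <packager@example.com> 0.9.6b-EXAMPLE1
- rebuild'

# Print the header line ("* date packager version-release") of every
# changelog entry whose body mentions the advisory id. Candidate ids
# (CAN-YYYY-NNNN) were later renamed CVE-YYYY-NNNN, so match both forms.
entries_mentioning() {
    awk -v id="$1" '
        BEGIN { num = id; sub(/^(CAN|CVE)-/, "", num) }
        /^\*/ { header = $0; next }
        (index($0, "CAN-" num) || index($0, "CVE-" num)) && header != "" {
            print header
            header = ""   # report each entry once
        }
    '
}

# Read a changelog on stdin and report the newest entry that records the fix.
# Exit status 0 = recorded, 1 = no entry mentions the id (which is not proof
# that the package is unpatched, only that the changelog does not say so).
fix_status() {
    hits=$(entries_mentioning "$1")
    if [ -n "$hits" ]; then
        printf 'recorded: %s\n' "$(printf '%s\n' "$hits" | head -n 1)"
    else
        printf 'not-recorded: no changelog entry mentions %s\n' "$1"
        return 1
    fi
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_CHANGELOG" | fix_status CAN-2002-0656
```

A "not-recorded" result should send you to the vendor advisory for the fixed package release, not straight to the conclusion that the system is vulnerable.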