On Thu, 2002-09-19 at 06:53, Mike Busse wrote:
> OK, so I know about the openssl exploit that is out now. I also know that
> I should be running openssl 0.9.6g to fix this problem.
>
> I checked on symantec and redhat's site to see if they have a fix for it,
> and I find these articles.
>
> I went to Symantec's site and read about the worm. Reference
> CAN-2002-0656. They say that you should have openssl 0.9.6e or 0.9.6g
> installed.
> http://securityresponse.symantec.com/avcenter/security/Content/2002.09.13.html
>
> So then I went over to Redhat's site, and they have a link about the
> slapper worm on their home page.
> http://rhn.redhat.com/errata/RHSA-2002-160.html In the article they again
> reference CAN-2002-0656. (So I know they are talking about the same worm.)
> They say that they fixed their versions of openssl back in the end of
> July. And they provide links to the updated fixes.
> http://rhn.redhat.com/errata/RHSA-2002-160.html Redhat's version of
> openssl is 0.9.6b (which is the one that I am currently running).
>
> My question or dilemma... Since I have RedHat's version of openssl (0.9.6b)
> and they say it's been fixed, do I still update it and use the openssl
> 0.9.6g from openssl.org's site or not?

Use RedHat's update. They just took the source patch and applied it to
their own source tree, leaving the version number/letter the same. They
leave the version number the same so as not to break any rpm
dependencies. Mandrake does the same thing.

--
Dave Sherman     | "They that can give up essential liberty
MCSE, MCSA, CCNA | to obtain a little temporary safety
                 | deserve neither liberty nor safety."
                 | - Benjamin Franklin (1706 - 1790)
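
Since a backported fix leaves the version string at 0.9.6b, the package changelog is where the patch can be confirmed. The following is an added example, not part of the original post: it assumes an RPM-based host, a package named `openssl`, and a packager who lists the advisory ID in the changelog; `fix_entries` is a hypothetical helper name and the sample changelog text is constructed.

```shell
#!/bin/sh
# Added example: list the RPM changelog entries that mention an advisory ID.
# Input is `rpm -q --changelog <pkg>` style text on stdin.

# fix_entries ID
#   Prints the header line ("* date packager version") of every changelog
#   entry whose body mentions ID. Exit status 0 if any entry matched, else 1.
fix_entries() {
    id=$1
    # Older advisories use the candidate form CAN-YYYY-NNNN, newer tooling
    # writes CVE-YYYY-NNNN for the same number, so strip the prefix and
    # accept either spelling.
    num=${id#C??-}
    awk -v num="$num" '
        /^\* / { header = $0; seen = 0; next }   # a new changelog entry starts
        index($0, "CAN-" num) || index($0, "CVE-" num) {
            if (!seen) { print header; seen = 1; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample changelog (NOT the real Red Hat text; release numbers
# are placeholders).
SAMPLE_CHANGELOG='* Mon Jul 29 2002 Packager Name <packager@example.com> 0.9.6b-NN
- backport security fix for CAN-2002-0656
- keep upstream version letter so dependent packages still resolve

* Tue Jan 01 2002 Packager Name <packager@example.com> 0.9.6b-MM
- rebuild'

# Demo on the constructed sample:
printf '%s\n' "$SAMPLE_CHANGELOG" | fix_entries CAN-2002-0656

# On a live system (assumption: rpm is installed and the package is "openssl"):
#   rpm -q --changelog openssl | fix_entries CAN-2002-0656 \
#       || echo "advisory ID not found in changelog"
```

A miss only means the ID is not written in the changelog; the vendor's errata page for the installed package release is the other place to check.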