Hello Gerry,

Are you sure that the latest release from Red Hat does not secure your 
system to your satisfaction? Red Hat has their own version definitions 
which do not translate back to the Apache releases at Apache.org. The 
"-11" bit in the RH version httpd-2.0.40-11.i386.rpm (from the latest 
errata package at https://rhn.redhat.com/errata/RHSA-2002-222.html) 
is a custom RH-only mechanism to identify releases.  Since there is no 
way to correlate this back to Apache.org releases that I can see, you 
should read the errata page carefully to be sure that the issues that 
you are concerned about have been addressed. I am told that you can 
also download the .src.rpm and there will be a detailed change log for 
the package.

On this particular package the date of the errata listed at the page 
above is a bit of a mystery.  It was actually released on Dec 17th. It 
appears that RH backdates the errata pages for some reason which is 
unclear to me.  There may be a good reason, but I just don't know what 
it is.

Regards, Mike Klinke

On Tuesday 31 December 2002 16:06, grenoml wrote:
>   There are some security holes with the version of Apache
> webserver (httpd-2.0.40) that ships with RedHat 8.0.  There are also
> security holes with regard to the RH8 OpenSSL version 0.96b (need
> 0.96h or later to plug them).  There are also issues with Apache
> mod_jk2 versions that are only compatible with httpd-2.0.42 or .43.
>   I ran up2date but there are only the same versions of these
> applications available.  I would like to upgrade to at least OpenSSL
> 0.96h and Apache httpd-2.0.43 on my RH8 system to close these
> security holes and to take advantage of mod_jk2 improvements.  How
> can I do this and still retain the proper package dependencies in the
> RPM database? When I do a rpm -q --whatrequires on openssl I see a
> number of packages.  If I just download the source for a newer
> version of openssl and build it how do I install it and not mess
> things up in the RPM world?
>
> Thanks,
> Gerry Reno
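The changelog check suggested in the reply above, as an added example that is not part of the original thread: it splits a package file name into its fields and lists which advisory IDs the package changelog does not mention. The function names, the sample changelog and the CAN-0000-000x IDs are constructed placeholders; on a real system the changelog comes from `rpm -q --changelog httpd`, or `rpm -qp --changelog` on the downloaded .src.rpm.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the thread).

# Split "name-version-release.arch.rpm" into its fields. The release
# field ("11" below) is the vendor's build counter; it says nothing
# about which upstream Apache release the fixes came from.
split_nvra() {
    f=${1%.rpm}
    arch=${f##*.};    f=${f%.*}
    release=${f##*-}; f=${f%-*}
    version=${f##*-}; name=${f%-*}
    echo "name=$name version=$version release=$release arch=$arch"
}

# changelog_missing FILE ID...
# Print every advisory ID that the changelog in FILE does not mention.
# Empty output means all IDs of concern are referenced by the packager.
changelog_missing() {
    log=$1; shift
    for id in "$@"; do
        grep -qiwF -- "$id" "$log" || echo "$id"
    done
}

# CONSTRUCTED sample in rpm changelog layout; the entries and IDs are
# placeholders, not the real Red Hat changelog.
sample_changelog() {
cat <<'EOF'
* Tue Dec 17 2002 Packager <packager@example.com> 2.0.40-11
- add security fix for CAN-0000-0001 (backported patch)
- add security fix for CAN-0000-0002 (backported patch)

* Mon Sep 02 2002 Packager <packager@example.com> 2.0.40-8
- initial build
EOF
}

# Stand-alone run against the constructed sample.
# Real use:  rpm -q --changelog httpd > "$tmp"
tmp=$(mktemp) && sample_changelog > "$tmp"
split_nvra httpd-2.0.40-11.i386.rpm
changelog_missing "$tmp" CAN-0000-0001 CAN-0000-0003
rm -f "$tmp"
```

An ID reported as missing is a prompt to read the errata page and the patches in the .src.rpm, not proof that the fix is absent.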