On 17 Sep 2002, Gordon Messmer wrote: > On Tue, 2002-09-17 at 11:26, Jiann-Ming Su wrote: > > Does RH have an updated RPMS to secure this vulnerablility? I'm currently > > running RH7.3 with the latest updates from rhn: > .... > > However, the .bugtraq.c source code was left in my /tmp directory. > > That sounds bad. When did you apply the updates? Did you, afterward, > *restart* the apache server? >
I think the latest openssl from (0.9.6b-28) was releaseed at the end of July. I've done regular up2dates on a weekly basis. I'm not sure that I restarted httpd immediately after updating, but the last time it was restarted was Aug 21. The datestamp on the .bugtraq.c file is Sep 14 13:05. It looks like they dumped an uuencoded version (.uubugtraq) and somehow uudecoded it. Again, I don't think it was compiled. Strange thing is, my two other RH7.2 and one other 7.3 systems have not been compromised. -- Jiann-Ming Su [EMAIL PROTECTED] 404-712-2603 Development Team Systems Administrator General Libraries Systems Division -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
