Lon, This question has been answered many times before (but here it is again)...
<http://rhn.redhat.com/errata/RHSA-2002-160.html> contain the latest patches. Back patching was required by RedHat for compatibility with existing software. The "patched/safe" version that everyone is talking about is the tarball version from openssl.org. Here is a list of the latest patched versions from RedHat: openssl-0.9.6b-28 openssl095a-0.9.5a-18 openssl096-0.9.6-13 openssl-0.9.5a-29 openssl-0.9.6-13 Do a "rpm -qa | grep openssl" and compare your redhat package version to one of these. Trevor <http://www.gnuguy.com> -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Lon Lentz Sent: Tuesday, September 17, 2002 3:03 PM To: [EMAIL PROTECTED] Subject: RE: New CERT Advisory on Apache/mod_ssl? Wasn't the fix in 0.9.6e and later? The latest rpm available is b. Is there no sense of urgency from Redhat? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jiann-Ming Su Sent: Tuesday, September 17, 2002 4:19 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: New CERT Advisory on Apache/mod_ssl? I think the latest openssl from (0.9.6b-28) was releaseed at the end of July. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
