I've called RedHat about the "Slapper" worm and it appears that the RHN package 0.9.6b is safe. Below is a response from their support.
__________________________________ Description of your problem: using openssl 0.9.6b from the Red Hat Network. Is this vulnerable from the slapper worm? Our latest response: Re: slapper worm and openssl updates Dear Sir, It looks like I might have misundestood the scenario here. OK. I've verified that the openssl package from the RHN server that you downloaded and installed on your machine already contains the fix for the slapper worm flaw. Red Hat does something called Back Patching for compatibility with existing software. The "patched/safe" version that everyone is talking about is the tarball version. But just to be really sure, I'll escalate this one to one of our Senior Support Engineers. Feel free to write or call us back. Regards, Roderick "Erik" Tapang Status: Wait on Tech ---------------------------------------------------- This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. This communication represents the originator's personal views and opinions, which do not necessarily reflect those of the company. If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing or copying of this email is strictly prohibited. If you received this email in error, please immediately notify the sender. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
