That's exactly why I contacted RedHat... They don't have information anywhere about the worm on their web site. I received a response back from a higher level tech support person at RedHat confirming that the up2date openssl package 0.9.6b-28 is safe. (see RedHat's response below)
Dear Sir, We apologize for the delay. Our Escalation point has responded and he said that the latest openssl update (the one that you have installed) is not vulnerable to the slapper worm. Red Hat Developers have already patched the package against the exploit used by the slapper worm. Regards, Erik -----Original Message----- From: Anthony E. Greene [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 18, 2002 10:14 AM To: [EMAIL PROTECTED] Subject: Re: Slapper Worm on openssl 0.9.6b *** PGP Signature Status: good *** Signer: Anthony E. Greene <[EMAIL PROTECTED]> (Invalid) *** Signed: 9/18/2002 10:13:57 AM *** Verified: 9/18/2002 1:06:20 PM *** BEGIN PGP VERIFIED MESSAGE *** On 18-Sep-2002/07:42 -0700, Nick White <[EMAIL PROTECTED]> wrote: >I've called RedHat about the "Slapper" worm and it appears that the RHN >package 0.9.6b is safe. [snip] Specifically 0.9.6b-28. Earlier 0.9.6b packages (ie; 0.9.6b-24 and 0.9.6b-8) may not have the fix for this vulnerability. I really wish RH would make some kind of explicit announcement about this. Tony -- Anthony E. Greene <mailto:[EMAIL PROTECTED]> OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Chat: TonyG05 HomePage: <http://www.pobox.com/~agreene/> Linux: the choice of a GNU Generation. <http://www.linux.org/> *** END PGP VERIFIED MESSAGE *** This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. This communication represents the originator's personal views and opinions, which do not necessarily reflect those of the company. If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing or copying of this email is strictly prohibited. If you received this email in error, please immediately notify the sender. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
