I downloaded and installed the latest Openssl package from RedHat (openssl-0.9.6-13.i386.rpm at http://rhn.redhat.com/errata/RHSA-2002-160.html) that is supposed to fix the bug exploited by the linux.slapper.worm. However, when I click the link on that page to go to cve.mitre.org and read a little more about it, it says that Openssl 0.9.6d and earlier are vulnerable. The package mentioned above appears to install Openssl 0.9.6 as indicated on my server by the command "Openssl version". It also shows the date of that version being 24 Sep 2000 which coincides with the release date of Openssl 0.9.6 (before a, b, c, etc...) on www.openssl.org. So the question I have is.... Is my server protected or not? Any thoughts are appreciated. Thanks, Chris
-- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
