On Fri, 20 Sep 2002, Todd, Chris wrote:

> I downloaded and installed the latest Openssl package from RedHat
> (openssl-0.9.6-13.i386.rpm at
> http://rhn.redhat.com/errata/RHSA-2002-160.html) that is supposed to fix the
> bug exploited by the linux.slapper.worm. However, when I click the link on
> that page to go to cve.mitre.org and read a little more about it, it says
> that Openssl 0.9.6d and earlier are vulnerable. The package mentioned above
> appears to install Openssl 0.9.6 as indicated on my server by the command
> "Openssl version". It also shows the date of that version being 24 Sep 2000
> which coincides with the release date of Openssl 0.9.6 (before a, b, c,
> etc...) on www.openssl.org.
>
> So the question I have is....
>
> Is my server protected or not?
>
> Any thoughts are appreciated.
>
> Thanks,
> Chris
>
Read through this week's archives. There's already been a discussion over this initiated by my own ignorance. Search for CERT, worm, openssl, etc.

But, the short answer is yes. The 0.9.6b-28 rpm package from RedHat is not vulnerable to the worm. They backported the patch. In fact, the RH fix has been out since Aug 5th.

--
Jiann-Ming Su [EMAIL PROTECTED] 404-712-2603
Development Team Systems Administrator
General Libraries Systems Division
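Added example, not part of either message: a small shell check showing why the upstream version string misleads on a backported package, and why the package release is the thing to compare. The function names are hypothetical, the fixed builds are the two named in this thread, and it assumes that a later release of the same base version keeps the backported fix.

```bash
#!/bin/sh
# Input: the string printed by
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssl

# The check the question performs: upstream version against
# "0.9.6d and earlier". Only the 0.9.6 series is handled.
upstream_verdict() {
  local ver="${1%%-*}"                 # drop the package release
  case "$ver" in
    0.9.6|0.9.6[a-d]) echo "vulnerable" ;;
    0.9.6[e-z])       echo "not-vulnerable" ;;
    *)                echo "unknown" ;;
  esac
}

# Patched builds named in the thread, keyed by upstream base version.
fixed_release() {
  case "$1" in
    0.9.6)  echo 13 ;;                 # openssl-0.9.6-13 (RHSA-2002-160)
    0.9.6b) echo 28 ;;                 # openssl-0.9.6b-28 (from the reply)
    *)      return 1 ;;
  esac
}

# The check that accounts for backports: compare the package release.
package_verdict() {
  case "$1" in *-*) ;; *) echo "unknown"; return ;; esac
  local ver="${1%%-*}" rel="${1#*-}" fixed
  fixed=$(fixed_release "$ver") || { echo "unknown"; return; }
  rel="${rel%%[!0-9]*}"                # leading integer of the release
  [ -n "$rel" ] || { echo "unknown"; return; }
  if [ "$rel" -ge "$fixed" ]; then echo "patched"; else echo "unpatched"; fi
}

# Constructed sample inputs; 0.9.6b-8 stands in for an older build.
for nvr in 0.9.6-13 0.9.6b-28 0.9.6b-8; do
  printf '%-10s upstream-check=%-11s package-check=%s\n' \
    "$nvr" "$(upstream_verdict "$nvr")" "$(package_verdict "$nvr")"
done
```

On a real host, `rpm -q --changelog openssl` is the place to confirm that the fix is actually listed for the installed build.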