Thanks to Trevor and Jiann-Ming Su. Sorry about posting this again. I just joined this list to find an answer to this. I took a quick scan through the list before I posted, but obviously not a close enough look...
Regards (and thanks again!),
Chris

-----Original Message-----
From: Trevor [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 20, 2002 5:10 PM
To: [EMAIL PROTECTED]
Subject: RE: Updated Openssl packages from RedHat

Chris,

This question has been answered many times before on this list (but here it is again)...

<http://rhn.redhat.com/errata/RHSA-2002-160.html> contain the latest patches. Back patching was required by RedHat for compatibility with existing software. The "patched/safe" version that everyone is talking about is the tarball version from openssl.org.

Here is a list of the latest patched versions from RedHat:

openssl-0.9.6b-28
openssl095a-0.9.5a-18
openssl096-0.9.6-13
openssl-0.9.5a-29
openssl-0.9.6-13

Do a "rpm -qa | grep openssl" and compare your redhat package version to one of these.

After installing the latest openssl rpm... you can check for yourself to see that the patches have been applied:

"rpm -q --changelog openssl | more"

Trevor
<http://www.gnuguy.com>

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Todd, Chris
Sent: Friday, September 20, 2002 1:56 PM
To: '[EMAIL PROTECTED]'
Subject: Updated Openssl packages from RedHat

I downloaded and installed the latest Openssl package from RedHat (openssl-0.9.6-13.i386.rpm at http://rhn.redhat.com/errata/RHSA-2002-160.html) that is supposed to fix the bug exploited by the linux.slapper.worm. However, when I click the link on that page to go to cve.mitre.org and read a little more about it, it says that Openssl 0.9.6d and earlier are vulnerable.

The package mentioned above appears to install Openssl 0.9.6 as indicated on my server by the command "Openssl version". It also shows the date of that version being 24 Sep 2000 which coincides with the release date of Openssl 0.9.6 (before a, b, c, etc...) on www.openssl.org.

So the question I have is.... Is my server protected or not? Any thoughts are appreciated.
Thanks,
Chris

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
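
Added example (not part of the original thread): a shell check that compares installed package builds against the patched builds Trevor lists, since the upstream version string alone cannot show whether a backported fix is present. The function names are hypothetical, the sample input is constructed, and it assumes a later release of the same name-version still carries the fix.

```sh
#!/bin/sh
# Patched builds as listed in the thread for RHSA-2002:160.
FIXED_BUILDS="openssl-0.9.6b-28
openssl095a-0.9.5a-18
openssl096-0.9.6-13
openssl-0.9.5a-29
openssl-0.9.6-13"

# check_openssl_builds (hypothetical helper): reads "name-version-release"
# lines on stdin, as printed by `rpm -qa | grep openssl`, and prints one
# verdict per package. Builds not in the list are reported as "unknown".
check_openssl_builds() {
    while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        release=${pkg##*-}          # text after the last dash
        namever=${pkg%-*}           # name-version before the last dash
        relnum=${release%%[!0-9]*}  # leading digits of the release
        verdict="unknown"
        for fixed in $FIXED_BUILDS; do
            if [ "${fixed%-*}" = "$namever" ] && [ -n "$relnum" ]; then
                # Assumption: same name-version with an equal or higher
                # release number includes the backported patch.
                if [ "$relnum" -ge "${fixed##*-}" ]; then
                    verdict="patched"
                else
                    verdict="needs-update (fixed in $fixed)"
                fi
            fi
        done
        echo "$pkg: $verdict"
    done
}

# Constructed sample input; on a real host use: rpm -qa | grep openssl
sample_report() {
    printf '%s\n' openssl-0.9.6-13 openssl-0.9.6b-8 \
        openssl095a-0.9.5a-18 openssl-0.9.6a-3 | check_openssl_builds
}
sample_report
```

The first sample line is the build from the original question: it is reported as patched even though the library itself still identifies as 0.9.6.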