James,

If you examine the SRPMs on RedHat's site, you will
see that the patches for this exploit were back-ported
and applied when the exploit was discovered in July.  That
is why the RPMs pre-date the worm, which was apparently
written AFTER the exploit was discovered.

RedHat often back-ports security patches to earlier, generally
better-tested versions of packages.  Often it's safer to
back-port a security patch than to roll out a new, untested
version which incorporates the patch.

So, just apply the RPM that is on the RedHat site.

=Scott


On Fri, 20 Sep 2002 13:35:56 +0100
"James Wilson" <[EMAIL PROTECTED]> wrote:

> Red-Hat's security announcement about the slapper worm
> http://www.redhat.com/support/alerts/linux_slapper_worm.html
> 
> Directs users to the following page which is dated before the Worm ( 2002-08-05 !! )
> http://rhn.redhat.com/errata/RHSA-2002-160.html
> 
> These rpm versions of OpenSSL are pre 0.9.6e and still vulnerable to the worm and
> also to any modified versions of the worm that may appear now the src code for the
> worm is available. <http://online.securityfocus.com/archive/1/292021>
> But you may find the source in /tmp/.bugtraq.c
> 
> A Vulnerability checker is available here:
> 
> http://cert.uni-stuttgart.de/advisories/openssl-sslv2-master.php
> 
> Looks like it's time to update OpenSSL from src :(
> 
> 
> 
> Jam



-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
