[ale] Redhat's package naming convention

Billy Quinn bquinn at ersconnect.com
Tue Sep 17 10:40:33 EDT 2002


All,

I've downloaded openssl-0.9.6b-28 from redhat.com, which is their latest
release of openssl. I'm trying to verify this fixes all of the exploits from
the apache worm ("CERT Advisory CA-2002-27 Apache/mod_ssl Worm")
with regard to openssl exploits. I'm nearly sure it does, because the
exploit for the worm seems to have been fixed in the openssl-0.9.6b-24
release.

I guess my question is: the number after 0.9.6b seems to be a build number
- Redhat do not seem to change the version (in this case the 0.9.6b)? I'm
not intimately familiar with their package naming convention, and I need to
make sure the build number increase is some kind of patching. In other
distros (Mandrake), you can find rpms for 0.9.6e and above, which is
what the openssl group recommend - apparently Redhat just bump up the build
number of the base package.

Can anyone doubly verify that the openssl-0.9.6b-28 has all the patches to
prevent SSL exploits (like the openssl-0.9.6e-g releases from the openssl
group)? I'm replacing some IIS servers, and the last thing I want to do is
have the Apache servers hit with that worm/SSL exploit!


Thanks
Billy

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.
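
Added example, not part of the original post: an RPM package name has the form name-version-release, and a vendor that backports fixes keeps the upstream version while raising the release, so a check against the upstream version alone misreports a patched package. The sketch below uses a simplified form of rpm's segment comparison (no epoch, tilde or caret handling); the first-fixed value openssl-0.9.6b-24 is the release the poster believes carries the fix, taken here as an unverified assumption, and the function names are hypothetical.

```python
import re

def split_nvr(nvr):
    """Split 'name-version-release' on the last two hyphens (names may contain '-')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def rpmvercmp(a, b):
    """Simplified rpm-style comparison of version or release strings: -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment sorts above an alpha one
        if x.isdigit():
            x, y = int(x), int(y)             # compare numbers numerically: 10 > 9
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra trailing segments sort newer

def has_backported_fix(installed, first_fixed):
    """True if `installed` is at or after the vendor package that first carried the fix.

    Assumes later packages from the same vendor keep the fix.
    """
    n1, v1, r1 = split_nvr(installed)
    n2, v2, r2 = split_nvr(first_fixed)
    if n1 != n2:
        raise ValueError("different packages: %s vs %s" % (n1, n2))
    c = rpmvercmp(v1, v2)
    if c != 0:
        return c > 0
    return rpmvercmp(r1, r2) >= 0

def naive_upstream_check(installed, upstream_fixed_version):
    """What a scanner concludes if it looks only at the upstream version string."""
    return rpmvercmp(split_nvr(installed)[1], upstream_fixed_version) >= 0

if __name__ == "__main__":
    FIRST_FIXED = "openssl-0.9.6b-24"  # assumption: release named in the post, not verified
    # openssl-0.9.6b-18 is a constructed sample of an older release
    for pkg in ("openssl-0.9.6b-28", "openssl-0.9.6b-18"):
        print(pkg,
              "vendor check:", has_backported_fix(pkg, FIRST_FIXED),
              "upstream-only check:", naive_upstream_check(pkg, "0.9.6e"))
```

The first-fixed release should come from the vendor's advisory or from the package's own changelog (`rpm -q --changelog openssl`), not from the version string.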





