Yup, Peter Poeml wrote: [...]
I can't find any ssl version of 0.9.6.e or 0.9.6.g; this is recommended by securityfocus.com
Yes, there is no reason and no need to do risky updates from an (up to) two year old openssl version to the newest one which could break half of your system. Times change, compilers and other tools as well as their usage changes... Look at the openssl changelog alone, and see how much has changed there since then! Really, all you want is a fix for that given security vulnerability, i.e. an appropriate source code patch. Guess what, we add such patches to our packages :) yes, and that's why we send out those fancy announcements...
[...] For the record, I have manually updated about three dozen *nix boxes' openssl/Apache now, and it's definitely no problem to switch from an older openssl to 0.9.6e or g. The only critical thing is to choose the correct SSL patch ("FixPatch") for the corresponding Apache and openssl versions. Needless to say that I ran numerous tests to ensure that the new versions work as expected. Of course it's definitely more convenient/safe to do these updates via RPM/You, I don't want to encourage anyone to wreck their systems.
Peter
Boris