Hello all,
Markus Fischer said:
All you need to upgrade is your openssl library (in fact, libssl.so* and libcrypto.so*). And if you have compiled anything manually which links statically against libssl.a/libcrypto.a you have to rebuild it (I'm just mentioning that in case); the latter case also means you need the openssl-devel package.
OK, this is it!
On Wed, Sep 18, 2002 at 02:24:04PM +0200, Joachim Hummel wrote:
Do I need only a new rpm version of mod_ssl.rpm from SuSE?
No.
Do I need only a new rpm version of apache?
No.
In which version (7.3 and/or 8.0) of SuSE is a new package available?
Both of them have been updated.
I can find only mod_ssl from 30 July 2002 for SuSE 8.0, for example, and after installing I also have a vulnerable version of mod_ssl! Isn't SuSE Support interested in this OpenSSL vulnerability?
They're interested. They fixed the hole quite some time ago.
I can't find any information about this vulnerability on the SuSE Support site.
Take a look here: http://www.suse.com/de/security/2002_027_openssl.html
Openssl 0.9.6.c --- This is also a vulnerable version!!

Securityfocus says: The vulnerability exploited by the Slapper (Apache/mod_ssl) worm was fixed beginning with OpenSSL version 0.9.6e. Administrators may want to upgrade to the latest version; as of this writing, the latest version of OpenSSL is 0.9.6g.

Where is openssl-0.9.e.XX.i386.rpm??? Where is mod_ssl-XXXXX with version 0.9.6.e? Sorry, but I don't understand this confusing version discussion!!! In which file versions of which rpm files is openssl 0.9.6.e and higher included??

--
Kind regards,
Joachim Hummel