right, so you have to check rpm -q openssl/openssh --changelog for the fixes. with all that you can hopefully figure out if your enviroment is patched or not.
The latest openssh rpms for SuSe 7.2 und 7.3 on ftp.suse.com are both dated July 01; since the openssl security announcement was released on July 30, openssh can't really be fixed, *if* it it is statically linked against the openssl libs, right?
(Unless SuSE secretly fixed openssl *long* before the announcement...)
I think a clarification would *really* be nice...
Guys, I must repeat: The SuSE security team does not read suse-security@ on a regular basis. It's good luck that I didn't skip this thread, so I've seen it. But important things like this should _always_ be sent to security@suse.de or at least to one of the team members that you know is present (thomas, krahmer, okir and myself). You will see the new RPMs on the ftp server within hours.
Martin
Thanks,
Roman.
--
- -
| Roman Drahtmüller