The answer is a simple YES. By the way, there is no guessing about it. The note in advisory CA-2002-27 includes the statement: "The Apache/mod_ssl worm is self-propagating malicious code that exploits the OpenSSL vulnerability described in VU#102795." This vulnerability was among the topics discussed in CA-2002-23, Multiple Vulnerabilities In OpenSSL. The SuSE announcement for SSL says it fixes the bug in CA-2002-23. Therefore, these are the correct patches and THERE IS NO GUESSING about it. Sorry, but these emails were really dragging out for no good reason if the announcements were properly read.
Jim
Miguel Albuquerque wrote:
Slapper is using an OpenSSL mod_ssl exploit reported and patched at http://www.openssl.org/news/secadv_20020730.txt.
Does the security update openssl release 20020812 by SuSE fix the problem? Thanks
Olaf replied:
It does.
Olaf
I want to be absolutely sure I know what I'm doing here.
The only recent ssl-related advisories I see in the SuSE archive are these:
July 30: http://lists2.suse.com/archive/suse-security-announce/2002-Jul/0003.html
July 31: http://lists2.suse.com/archive/suse-security-announce/2002-Jul/0004.html
The July 30 advisory provides links to openssl rpms that appear, based on the names, to range from 0.9.5a to 0.9.6e, depending on which level of SuSE you are on. The CERT advisory says you need 0.9.6e or newer. Now I know SuSE often patches old versions to simplify dependency implications. But I don't want to make a bad assumption here. So I am looking for definitive information:
The CERT advisory for slapper:
http://www.cert.org/advisories/CA-2002-27.html
says that slapper exploits vulnerability VU#102795:
http://www.kb.cert.org/vuls/id/102795
which labels this vulnerability as CERT Advisory CA-2002-23, and CVE Name CAN-2002-0656. This matches one of the cross-referenced vulnerabilities on the SuSE July 30 advisory:
http://lists2.suse.com/archive/suse-security-announce/2002-Jul/0003.html
Based on this, my guess (I hate having to guess about this!) is that all of the rpms linked in the July 30 advisory have been patched by SuSE and contain the fix needed to overcome the vulnerability (VU#102795) exploited by slapper, despite the confusing names of those openssl versions. Therefore, applying the listed rpm designated for my version of SuSE will protect me from the slapper worm. Is this correct?
Many thanks for your excellent work in fixing these things.
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
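The point the thread turns on is that SuSE backports fixes into older OpenSSL releases, so the version string in the rpm name (0.9.5a, 0.9.6b, ...) does not tell you whether the CA-2002-23 / CAN-2002-0656 fix is present. The check below is an added example, not something from the thread or from SuSE: it looks for the advisory identifiers named in the thread in a package changelog, as printed by `rpm -q --changelog`; the changelog wording and package name are assumed, and the two sample changelogs are constructed.

```shell
#!/bin/sh
# Identifiers for the OpenSSL flaw Slapper exploits, as cited in the thread.
FIX_IDS="CAN-2002-0656 VU#102795 CA-2002-23"

# Constructed sample changelogs (not real SuSE output). A backported fix
# keeps the old version string, so only the changelog reveals it.
SAMPLE_PATCHED='* Tue Jul 30 2002 - packager@example.invalid
- fix SSLv2/SSLv3 handshake buffer overflows (CAN-2002-0656)
- see http://www.openssl.org/news/secadv_20020730.txt
* Mon Apr 01 2002 - packager@example.invalid
- update to 0.9.6b'

SAMPLE_UNPATCHED='* Mon Apr 01 2002 - packager@example.invalid
- update to 0.9.6b'

# changelog_mentions_fix CHANGELOG_TEXT
# Returns 0 if any known identifier for the flaw appears, 1 otherwise.
changelog_mentions_fix() {
    for id in $FIX_IDS; do
        if printf '%s\n' "$1" | grep -F -q -- "$id"; then
            return 0
        fi
    done
    return 1
}

# report LABEL CHANGELOG_TEXT: human-readable verdict for one changelog.
report() {
    if changelog_mentions_fix "$2"; then
        echo "$1: changelog references the fix"
    else
        echo "$1: no reference to the fix; do not trust the version string"
    fi
}

# On a real SuSE host the changelog would come from the installed package
# (assumed package name "openssl"): rpm -q --changelog openssl
report PATCHED "$SAMPLE_PATCHED"
report UNPATCHED "$SAMPLE_UNPATCHED"
```

A changelog that does not mention the identifier is not proof that the fix is absent, only that this check cannot confirm it; in that case fall back to the advisory text itself, as Jim does above.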