RE: [suse-security] Linux/Slapper.worm
Olaf Kirch wrote:
Hm. Is it really that difficult? It's a reference to related announcements, and unless you have serious doubts about our mental health it is fair to assume we didn't put these references there just because we felt they were so decorative ... :)
I think we're talking about two different things. I not only need to figure out what patch to apply. I also need to be able to document that I applied the right patch for THIS problem, in a way that can be clearly understood by my management and my customers. When my customers see OpenSSL 0.9.5a, they will think I have left them vulnerable to the slapper worm. I have to be able to show them that this is not the case. To do so I need to be able to point them to an advisory from SuSE. However, I don't have one that says what I need it to say. I need it to say that this is not the same 0.9.5a as the similarly named version from www.openssl.org. I need it to say that the rpm from SuSE has been patched by SuSE so that it addresses the slapper worm vulnerability. Since the worm came out after the corresponding SuSE advisory, it would be helpful to receive an advisory (referencing the earlier advisory) pointing out clearly that these packages address the new worm. IMO this is a problem with SuSE security advisories in general, not just this case. I know you guys are very smart, and are working very hard, and I appreciate it! I'm just trying to help you understand a genuine need that is not being addressed in the advisories. I'm not making this up...
On Wed, Sep 18, 2002 at 11:25:34AM -0400, Alan Rouse wrote:
Since the worm came out after the corresponding SuSE advisory, it would be helpful to receive an advisory (referencing the earlier advisory) pointing out clearly that these packages address the new worm.
Okay, point taken.

Olaf
--
Olaf Kirch     | Anyone who has had to work with X.509 has probably
okir@suse.de   | experienced what can best be described as
---------------+ ISO water torture. -- Peter Gutmann