SUSE 10.0 'vulnerable' versions of GnuPG and OpenSSL?
Hi All,

I recently installed, updated and ran rkhunter. Here's what it's saying about GnuPG and OpenSSL:

* Application version scan
- GnuPG 1.4.2 [ Vulnerable ]
- Bind DNS 9.3.1 [ OK ]
- OpenSSL 0.9.7g [ Vulnerable ]
- PHP 4.4.0 [ OK ]
- Procmail MTA 3.22 [ OK ]
- OpenSSH 4.1p1 [ OK ]

Ideas or recommendations, anyone?

thanks!
Carl

On Saturday 16 September 2006 06:25, Carl Hartung wrote:
> Hi All,
> I recently installed, updated and ran rkhunter. Here's what it's saying about GnuPG and OpenSSL:
> * Application version scan
> - GnuPG 1.4.2 [ Vulnerable ]
> - Bind DNS 9.3.1 [ OK ]
> - OpenSSL 0.9.7g [ Vulnerable ]
> - PHP 4.4.0 [ OK ]
> - Procmail MTA 3.22 [ OK ]
> - OpenSSH 4.1p1 [ OK ]
> Ideas or recommendations, anyone?

Unless I'm much mistaken, it looks only at version numbers. When there is a security vulnerability, suse will not upgrade to a new version. Rather, the installed version gets the security fix backported to it. So programs that only look at version numbers are of no use at all on a suse box.

The Saturday 2006-09-16 at 00:25 -0400, Carl Hartung wrote:
> I recently installed, updated and ran rkhunter. Here's what it's saying about GnuPG and OpenSSL:
> * Application version scan
> - GnuPG 1.4.2 [ Vulnerable ]

There were some updates related to that, but as Anders says, the version number is not altered in SuSE distros. I would ignore it, unless rkhunter can expand the info as to which holes need plugging.

--
Cheers,
Carlos E. R.

On Saturday 16 September 2006 04:21, Anders Johansson wrote:
> ... So programs that only look at version numbers are of no use at all on a suse box

On Saturday 16 September 2006 05:55, Carlos E. R. wrote:
> There were some updates related to that, but as Anders says, the version number is not altered in SuSE distros. I would ignore it, unless rkhunter can expand the info as to which holes need plugging.

Thanks Anders and Carlos!
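
Added example, not part of the original thread and not rkhunter's or SUSE's own code: one way to follow up a version-only scanner hit on a distribution that backports fixes is to look for the specific CVE in the package changelog instead of comparing version strings. The function names, the sample changelog and the CVE-0000-* identifiers are constructed placeholders.

```sh
#!/bin/sh
# Triage a version-only scanner hit by reading the package changelog
# rather than the upstream version string.

# Constructed sample in `rpm -q --changelog` layout. Dates, address, bug
# number and CVE-0000-* identifiers are placeholders, not real data.
sample_changelog() {
cat <<'EOF'
* Mon Sep 11 2006 - packager@example.invalid
- fix signature verification flaw [#000000] (CVE-0000-0002)
* Tue Aug 01 2006 - packager@example.invalid
- security fix: overflow in message parsing (CVE-0000-0001)
* Fri Sep 09 2005 - packager@example.invalid
- update to version 1.4.2
EOF
}

# Print "DATE<TAB>CVE-ID" for every CVE mentioned in a changelog on stdin.
cve_entries() {
    awk '
        /^\* / { date = $2 " " $3 " " $4 " " $5; next }   # entry header line
        {
            line = $0
            # A single changelog line may name several CVEs; collect them all.
            while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                printf "%s\t%s\n", date, substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
            }
        }'
}

# Report whether the changelog on stdin records a fix for CVE id $1.
# Prints "backported" or "not-found"; exit status mirrors the result.
# "not-found" is not proof of exposure: check the vendor advisory as well.
cve_status() {
    if cve_entries | cut -f2 | grep -qxF "$1"; then
        echo backported
    else
        echo not-found
        return 1
    fi
}

# On a live RPM system (PACKAGE and CVE-ID are whatever the scanner hit
# maps to, which the scanner has to tell you):
#   rpm -q --changelog PACKAGE | cve_status CVE-ID
```

This only works once the scanner, or its documentation, names the vulnerability it is flagging, which is the information Carlos asks for above.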