Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: [suse-security] Linux/Slapper.worm
  • From: "Joachim Hummel" <joachim.hummel@xxxxxxxxxxxxx>
  • Date: Wed, 18 Sep 2002 15:12:38 +0200 (MEST)
  • Message-id: <1634.62.158.35.85.1032354758.squirrel@xxxxxxxxxxxxxxxxxxxxx>
Hello all


Markus Fischer sagte:
> All you need to upgrade is you openssl library (in fact,
> libssl.so* and libcrypto.so*). And if you have compiled
> anything manually which links statically against
> libssl.a/libcrypto.a you have to rebuild it (I'm just
> mentioning that in case); latter case also means you need the
> openssl-devel package.
Ok this is it !

>
>
> On Wed, Sep 18, 2002 at 02:24:04PM +0200, Joachim Hummel wrote :
>> I need only a new rpm version of mod_ssl.rpm from SuSE ?
>
> No.
>
>> I need only a new rpm version of apache ?
>
> No.
>
>> In which version (7.3 or and 8.0) of SuSE are a new package available
>> ?
>
> Both of them have been updated.
>
>> I can find only mod_ssl from 30.Juli 2002 for SuSE 8.0 z.B. and after
>> installing i have also a vulnerable version mod_ssl !
>> Doesn´t interessting this vulnerable of OpenSSL the SuSE Support ?
>
> They're interested. The fixed the hole quite some time ago.
>
>> I can´t find some information about this vulnerable on SuSE Support
>> Side.
>
> Take a look here:
> http://www.suse.com/de/security/2002_027_openssl.html
Openssl 0.9.6.c --- This is also a vulnerable version !!
Securityfocus says:
The vulnerability exploited by the Slapper (Apache/mod_ssl) worm was fixed
beginning with OpenSSL version 0.9.6e. Administrators may want to upgrade
to the latest version as of this writing the latest version of OpenSSL is
0.9.6g.
Who is openssl-0.9.e.XX.i386.rpm ???
who is mod_ssl-XXXXX with version of 0.9.6.e ?

Sorry but i don´t this confused version discussion !!!
In which file version of some rpm files is included openssl .0.9.6.e and
higher ??

--
Mit freundlichen Grüßen
Joachim Hummel




< Previous Next >
References