Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
RE: [suse-security] Linux/Slapper.worm
  • From: "Joachim Hummel" <joachim.hummel@xxxxxxxxxxxxx>
  • Date: Wed, 18 Sep 2002 14:24:04 +0200 (MEST)
  • Message-id: <1207.62.158.35.85.1032351844.squirrel@xxxxxxxxxxxxxxxxxxxxx>
Hello all

i am very confused ...!
I need only a new rpm version of mod_ssl.rpm from SuSE ?
I need only a new rpm version of apache ?
In which version (7.3 or and 8.0) of SuSE are a new package available ?
I can find only mod_ssl from 30.Juli 2002 for SuSE 8.0 z.B. and after
installing i have also a vulnerable version mod_ssl !
Doesn´t interessting this vulnerable of OpenSSL the SuSE Support ?
I can´t find some information about this vulnerable on SuSE Support Side.

How many server must be infected, so that SuSE brings out some
new updates for eliminate this big exploit ?

I have some Webserver installed in the Internet and i don´t know
what must i do for this problem !

I have SuSE 7.3 and 8.0 (native with Apache and SSL... what must i do now
SuSE ( Step by Step ) ?????

The support is absolute bad for misinformation and something else.





> The answer is a simple YES.
>
> By the way, there is no guessing about it. The note in
> advisory CA-2002-27 includes the statement:
> The Apache/mod_ssl worm is self-propagating malicious
> code that exploits the OpenSSL vulnerability described in
> VU#102795. This vulnerability was the among the topics
> discussed in CA-2002-23 Multiple Vulnerabilities In OpenSSL.
>
> The SuSE announcement for SSL says it fixes the bug in
> CA-2002-23.
>

-------------------------
Mit freundlichen Grüßen
Joachim Hummel




< Previous Next >
References