Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: [suse-security] Linux/Slapper.worm
  • From: Thomas Seliger <CRJLJAKTJORB@xxxxxxxxxxxxx>
  • Date: Mon, 16 Sep 2002 18:10:43 +0200
  • Message-id: <3D860283.4040804@xxxxxxxxxxxxx>
Hi,

the worm uses an error in the openssl package. So if you upgraded the
openssl package from

http://ftp.gwdg.de/pub/linux/suse/ftp.suse.com/suse/i386/update/7.1/sec1/openssl-0.9.6a-67.i386.rpm

you should be secure.

With all that people panicing around, maybe a seperate security
announcement containing the necessary fixes (that are just links to the
old updated packages... :P ) would be a good idea?

ciao
Tom

Markus Gaugusch wrote:
> On Sep 16, Olaf Kirch <okir@xxxxxxx> wrote:
>
>>>Slapper is using an OpenSSL mod_ssl exploit reported and patched at
>>>http://www.openssl.org/news/secadv_20020730.txt.
>>>The security update openssl release 20020812 by SuSE fixes the problem?
>>>Thanx
>>
>>It does.
>>
>>Olaf
>
> Why is mod_ssl.rpm from suse 7.1 dated 29-Jul-2002 13:47 ?
> Am I at risk???
>
> I looked at
> http://ftp.gwdg.de/pub/linux/suse/ftp.suse.com/suse/i386/update/7.1/sec2/
>
> Markus
>


--
this is a maillist account, so please
send personal replies to cso[at]trium[dot]de


< Previous Next >
References