Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: [suse-security] Linux/Slapper.worm
  • From: Olaf Kirch <okir@xxxxxxx>
  • Date: Mon, 16 Sep 2002 16:45:45 +0200
  • Message-id: <20020916164545.J1873@xxxxxxx>
On Mon, Sep 16, 2002 at 04:37:02PM +0200, Markus Gaugusch wrote:
> > > The security update openssl release 20020812 by SuSE fixes the problem?
> > > Thanx
> >
> > It does.
> >
> > Olaf
> Why is mod_ssl.rpm from suse 7.1 dated 29-Jul-2002 13:47 ?
> Am I at risk???

All security holes discussed in
http://www.openssl.org/news/secadv_20020730.txt refer to bugs in
the OpenSSL libraries themselves, i.e. libssl and libcrypto.

The vulnerability exploited by the worm is not in the mod_ssl module
itself, it's in these libraries.

Hope this sheds some light on the issue.

Olaf
--
Olaf Kirch | Anyone who has had to work with X.509 has probably
okir@xxxxxxx | experienced what can best be described as
---------------+ ISO water torture. -- Peter Gutmann

< Previous Next >