Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: [suse-security] OpenSSL Vulnerability
  • From: Ben Rosenberg <ben@xxxxxxxxx>
  • Date: Fri, 13 Sep 2002 16:08:30 -0700
  • Message-id: <20020913230830.GK1488@xxxxxxxxx>
* bryan@xxxxxxxxxxxx (bryan@xxxxxxxxxxxx) [020913 15:42]:
:: - in reference to SuSE 8.0
::
::# rpm -qa |grep openssl
::openssl-0.9.6c-80
::openssl-devel-0.9.6c-80
::openssl-doc-0.9.6c-80

Roman could correct me, but from what I know this OpenSSL worm takes
advantage of an OpenSSL bug from a month or so ago. SuSE updated OpenSSL
after that bug was announced. Their policy as has been stated on this
list over and over again is that they do not upgrade the version number.
They instead patch the exist version and make new package as not to
break deps within the system. Most likely there could be 5 new openssl
bugs in the next year and unless it was absolutely unavoidable..the
package number for 8.0 will be 0.9.6c. If you think about everything
that has been compiled against this version that would have to be
recompiled and put out again.

--
Ben Rosenberg ---===---===---===--- mailto:ben@xxxxxxxxx
Tell me what you believe..
I tell you what you should see.

< Previous Next >
References