Actually, I believe that both (openssl-0.9.6b-8) and (openssl-perl-0.9.6b-8) are included with the Raq4 because there were two openssl dynamic (*.so) libs on my Raq4 on a fresh install, before I installed OpenSSH. And I know I didn't install anything dealing with perl unless it was a official cobalt update.
>The fact that you have /usr/local/openssl-0.9.6b directory suggests that >you compiled the thing from source. Grab 0.9.6e, build and install it. >Since it was not installed from rpm, there is no way to find which >programs may use it other than recall which ones you compiled yourself. >Check if any of them are statically linked against openssl, and rebuild. > >Just for case, check if you installed openssl from rpm, run this >command: > >rpm -qa|grep openssl > >If the only thing you see is "apache-openssl-1.3.20-RaQ4_1C3" then you >did not. If you see something like this: > >openssl-perl-0.9.6b-XX >openssl-0.9.6b-XX >openssl-devel-0.9.6b-XX > >then you did. It is my undestanding that the vulnerability was fixed in >the version with 'XX' = '24'. Grab and install appropriate rpms. > >Eugene _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
