Hi Marcus, > for those that installed the solarspeed security update 'RaQ4: > Mod_SSL-2.8.4/OpenSSL-0.96g' on our raq's, what is the best course of > action.
Well, it is as follows: RaQ4-All-Security-2.0.1-2-15787.pkg fixes the /usr/lib/authenticate issues and a .htacess related problem, but NOT the mod_ssl/2.8.4 OpenSSL/0.9.6b Slapper vulnerability. Why Sun Cobalt didn't take the chance to fix two problems in one patch is beyond my knowledge. Instead they'll most likely bother us with another Apache-PKG in two months time. :o( So the recommended course of actions would be this: 1) Uninstall the Solarspeed PKG by running the uninstaller located at /var/lib/cobalt/uninstallers/mod_ssl-2.8.4.uninst 2) Then apply RaQ4-All-Security-2.0.1-2-15787.pkg 3) Re-apply the Solarspeed's RaQ4: Mod_SSL-2.8.4/OpenSSL-0.96g PKG -- With best regards, Michael Stauber [EMAIL PROTECTED] Unix/Linux Support Engineer _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
