On Wed, 2002-10-02 at 00:50, Michael Stauber wrote: > RaQ4-All-Security-2.0.1-2-15787.pkg fixes the /usr/lib/authenticate issues and > a .htacess related problem, but NOT the mod_ssl/2.8.4 OpenSSL/0.9.6b Slapper > vulnerability. Why Sun Cobalt didn't take the chance to fix two problems in > one patch is beyond my knowledge. Instead they'll most likely bother us with > another Apache-PKG in two months time. :o(
Michael, are you certain about this? Or did you figure from the openssl version that apache reports? The point is that they may have build mod_ssl against openssl-0.9.6b-24 RPM that, despite its version, allegedly has slapper-exploitable vulnerabilities fixed. Eugene _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
