Hi Eugene, > are you certain about this? Or did you figure from the openssl version > that apache reports? The point is that they may have build mod_ssl > against openssl-0.9.6b-24 RPM that, despite its version, allegedly has > slapper-exploitable vulnerabilities fixed.
The RPMs inside the PKG were built on August 7th, so there is little hope for that. You'd need RH's openssl-0.9.6b-28 to fix the problem. -- With best regards, Michael Stauber [EMAIL PROTECTED] Unix/Linux Support Engineer _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
