> This doesn't work for all our RaQ4s, Greg <frown>. > > For example, we've got a system that won't take openssl-0.9.7; it tells > us it conflicts with openssl-perl-0.9.6. I can't find any RPMS for > openssl-perl-0.9.7; in fact the last rpm I find for openssl-perl for > RHL6.2, is for 0.9.5. > > I'm most emphatically NOT a perl guru <frown>. openssl-perl is NOT part > of a standard RaQ install, and I've asked the customer if he really > needs it. I'm awaiting his reply. In case he does, do you or does > anyone else have an openssl-per-0.9.7 rpm for RHL6.2, i386?
Jeff - I had similar problems so I asked Greg directly what he did possibly with the view of doing a quick pkg for others - I have done the mod but I'm not convinced that I am protected but I am suspicious that we were partly hacked - in that we lost some stuff for no apparent reason the /var/spool/mail directory disappeared as did everything in /usr/admserv/html/SiteManage. Anyway this is the reply from Greg as to what he did - I have also done this and not seen any problems yet. Good luck. Gavin <snip> On Tue, 21 Jan 2003, Gavin Nelmes-Crocker wrote: > > Reaction > > -------- > > I reacted by updating my Raq4 units to OpenSSL 0.9.7 and OpenSSH 3.4p1PM4 > > from http://pkgmaster.com. We have also restricted SSH access to our raqs > > through /etc/hosts.allow|deny. > > > > I have put RPMS for OpenSSL 0.9.7 on our FTP server at: > > ftp://ftp.nacs.net/pub/software/cobalt_raq4 > > openssl-0.9.7-1.i386.rpm > > openssl-0.9.7-1.src.rpm > > openssl-devel-0.9.7-1.i386.rpm > > openssl-doc-0.9.7-1.i386.rpm > > > > OpenSSL 0.9.7 fixes 4 reported remote exploits. I have no idea if > > Cobalt's > > security patches address this, as I just applied them in the order > > required and didn't read much about what was being patched. After > > installing the new OpenSSL RPMS, my previous versions of OpenSSH > > would not > > work properly, so I updated to the 3.4pl1 from pkgmaster and all is fine. > > Hi > > Can you tell me in what way you did the openssl upgrade - if I do rpm -Uvh i > get > > error: failed dependencies: > openssl = 0.9.6b-8 is needed by openssl-perl-0.9.6b-8 openssl-perl seems to be deprecated, as the scripts it contains are provided in the openssl-0.9.7 rpm. I uninstalled it. > libcrypto.so.2 is needed by curl-7.9.4-1 > libcrypto.so.2 is needed by php-4.1.2-PM3 > libssl.so.2 is needed by curl-7.9.4-1 > libssl.so.2 is needed by php-4.1.2-PM3 I haven't seen any adverse negative reaction from my installation. Does anyone have any idea why php and curl would need ssl? > did you force it or nodeps ? Here is exactly what I did. rpm -e openssl-perl rpm -Uvh openssl-devel-0.9.7-1.i386.rpm rpm -Uvh openssl-0.9.7-1.i386.rpm --nodeps Nothing appears to be broken yet. <end snip> _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
