On Mon, 27 Jan 2003, Gavin Nelmes-Crocker wrote:

> > This doesn't work for all our RaQ4s, Greg <frown>.
> >
> > For example, we've got a system that won't take openssl-0.9.7; it tells
> > us it conflicts with openssl-perl-0.9.6. I can't find any RPMS for
> > openssl-perl-0.9.7; in fact the last rpm I find for openssl-perl for
> > RHL6.2, is for 0.9.5.
> >
> > I'm most emphatically NOT a perl guru <frown>. openssl-perl is NOT part
> > of a standard RaQ install, and I've asked the customer if he really
> > needs it. I'm awaiting his reply. In case he does, do you or does
> > anyone else have an openssl-per-0.9.7 rpm for RHL6.2, i386?
>
> Jeff - I had similar problems so I asked Greg directly what he did possibly
> with the view of doing a quick pkg for others - I have done the mod but I'm
> not convinced that I am protected but I am suspicious that we were partly
> hacked - in that we lost some stuff for no apparent reason the
> /var/spool/mail directory disappeared as did everything in
> /usr/admserv/html/SiteManage.
>
> Anyway this is the reply from Greg as to what he did - I have also done this
> and not seen any problems yet. Good luck.
>
> Gavin

Keep in mind that the OpenSSL RPM that I published does NOT help secure your
Apache installation. Cobalt's latest RPM uses a STATICALLY LINKED openssl
0.9.6 revision. So does the OpenSSH PKG from pkgmaster. Unless you are using
dynamically linked mod_ssl or ssh binaries, you don't need to install my RPM.

> <snip>
> On Tue, 21 Jan 2003, Gavin Nelmes-Crocker wrote:
>
> > > Reaction
> > > --------
> > > I reacted by updating my Raq4 units to OpenSSL 0.9.7 and OpenSSH 3.4p1PM4
> > > from http://pkgmaster.com. We have also restricted SSH access to our raqs
> > > through /etc/hosts.allow|deny.
> > >
> > > I have put RPMS for OpenSSL 0.9.7 on our FTP server at:
> > > ftp://ftp.nacs.net/pub/software/cobalt_raq4
> > > openssl-0.9.7-1.i386.rpm
> > > openssl-0.9.7-1.src.rpm
> > > openssl-devel-0.9.7-1.i386.rpm
> > > openssl-doc-0.9.7-1.i386.rpm
> > >
> > > OpenSSL 0.9.7 fixes 4 reported remote exploits. I have no idea if
> > > Cobalt's security patches address this, as I just applied them in the
> > > order required and didn't read much about what was being patched. After
> > > installing the new OpenSSL RPMS, my previous versions of OpenSSH would
> > > not work properly, so I updated to the 3.4pl1 from pkgmaster and all is
> > > fine.
> >
> > Hi
> >
> > Can you tell me in what way you did the openssl upgrade - if I do rpm -Uvh
> > i get
> >
> > error: failed dependencies:
> > openssl = 0.9.6b-8 is needed by openssl-perl-0.9.6b-8
>
> openssl-perl seems to be deprecated, as the scripts it contains are
> provided in the openssl-0.9.7 rpm. I uninstalled it.
>
> > libcrypto.so.2 is needed by curl-7.9.4-1
> > libcrypto.so.2 is needed by php-4.1.2-PM3
> > libssl.so.2 is needed by curl-7.9.4-1
> > libssl.so.2 is needed by php-4.1.2-PM3
>
> I haven't seen any adverse negative reaction from my installation. Does
> anyone have any idea why php and curl would need ssl?
>
> > did you force it or nodeps ?
>
> Here is exactly what I did.
>
> rpm -e openssl-perl
> rpm -Uvh openssl-devel-0.9.7-1.i386.rpm
> rpm -Uvh openssl-0.9.7-1.i386.rpm --nodeps
>
> Nothing appears to be broken yet.
>
> <end snip>

-- 
Vice President of N2Net, a New Age Consulting Service, Inc. Company
http://www.n2net.net Where everything clicks into place!
KP-216-121-ST
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
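
The distinction drawn in the message above (a shared-library OpenSSL versus a copy compiled into the binary) and the libssl.so.2 / libcrypto.so.2 dependencies skipped with --nodeps can both be checked per binary. The script below is an added example, not part of the thread; the function names `classify_ldd`, `check_binary` and `classify_sample` are hypothetical, and the sample `ldd` output is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies a binary by its ldd output:
#   shared  - loads libssl/libcrypto at run time, so the shared-library RPM
#             changes the OpenSSL code it runs
#   missing - needs a libssl/libcrypto soname that no longer resolves
#             (what a --nodeps upgrade can leave behind)
#   none    - no shared OpenSSL; any OpenSSL code is compiled in and only a
#             rebuilt binary replaces it

classify_ldd() {
    # Reads ldd output on stdin, prints one of: shared, missing, none
    awk '
        /lib(ssl|crypto)\.so/ {
            if ($0 ~ /not found/) missing = 1
            else shared = 1
        }
        END {
            if (missing) print "missing"
            else if (shared) print "shared"
            else print "none"
        }'
}

check_binary() {
    # $1: path to a binary; runs the system ldd and classifies its output
    printf '%s: %s\n' "$1" "$(ldd "$1" 2>&1 | classify_ldd)"
}

# Constructed ldd output, using the sonames named in the thread.
SAMPLE_UNRESOLVED='    libssl.so.2 => not found
    libcrypto.so.2 => not found
    libc.so.6 => /lib/libc.so.6 (0x40030000)'
SAMPLE_SHARED='    libssl.so.2 => /usr/lib/libssl.so.2 (0x40020000)
    libcrypto.so.2 => /usr/lib/libcrypto.so.2 (0x40050000)
    libc.so.6 => /lib/libc.so.6 (0x40120000)'
SAMPLE_STATIC='    not a dynamic executable'
SAMPLE_BUILTIN='    libm.so.6 => /lib/libm.so.6 (0x40020000)
    libc.so.6 => /lib/libc.so.6 (0x40040000)'

classify_sample() { printf '%s\n' "$1" | classify_ldd; }

# Real use: sh check.sh /path/to/binary [...]
for bin in "$@"; do check_binary "$bin"; done
```

ldd may invoke the dynamic loader on the file it inspects; on a host suspected of compromise, piping `objdump -p binary` into `classify_ldd` lists the needed sonames without doing so, though it cannot report unresolved libraries.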
