Thanks Vincent for all the education. I knew that was the best way to get the info out of someone.... This was all done on a a test system.....so nothing is really lost so far.
It makes perfect sense from your explanation that the RPM's I was trying to install are for RH. In the future, how does one make rpm's for mandrake then? Say, I want "openssl version" to show me 0.9.7b so that i dont get flagged by some scanners looking at responses version command? I was trying to update openssl to stop myself from getting "flagged" for having a vulnerable system based on a version # only. [eg. sendmail 8.12.6 is patched on Mandrake, BUT, i had to upgrade for 8.12.9 for the same reason!, since scanners would flag 8.12.6 as vulnerable]. Also, after changing the links in /usr/lib to point to newer /usr/lib/libcrypto.so.0.9.7, then ran ldconfig, it did reset them to original config! (ie. pointing back to 0.9.6). Can you educate me on that too? Readin "man ldconfig" has not shaded a light yet! Good thing i have not touched any actual hosts being used. BUT, how then can I ran openssl-0.9.7b on the them (using rpm)? _Thanks much Richard --- Vincent Danen <[EMAIL PROTECTED]> wrote: > On Tue Jul 29, 2003 at 10:54:20AM -0700, Tru64 User > wrote: > > > i checked my openssl, it was version 0.9.6x > > (vulnerable) > > MandrakeUpdate, does not offer its upgrade via > > security updates. > > What vulnerability are you thinking of, > specifically? Is it this one: > > http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035 > > AFAIK, there is 0.9.6x version of OpenSSL. Also > keep in mind that we do not > usually upgrade OpenSSL, but rather patch it so your > version may not be > vulnerable, although I am interested in knowing what > vulnerability you are referring to. > > > OK. So? Download openssl-0.9.7b (No rpm available) > > OK. Make one of my own (rpm -tb .....tar.gz), > Fine. > > That's not a mandrake spec that is included in the > tar.gz. It is probably > not properly "libified" and rather uses RH's style > of packaging. > ===== __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
