On Sun, Oct 01, 2006 at 07:35:34PM -0500, Kevin Day wrote: > On 9/29/06, Aki Tuomi <[EMAIL PROTECTED]> wrote: > >OpenSSL has critical vulnerabilities. I tested the OpenSSL-0.9.8d > >package on my machine, the patches go in nicely, except for FAQ, which > >requires a minor alteration due to different wordings. > > > >Aki Tuomi > > What vulnerabilities and in what versions? > Is there a link? > > Are you saying that the version in the book has critical > vulnerabilities and it should be upgraded to 0.9.8d? > -- > Kevin Day > -- > http://linuxfromscratch.org/mailman/listinfo/hlfs-dev > FAQ: http://www.linuxfromscratch.org/faq/ > Unsubscribe: See the above information page
http://www.openssl.org/news/secadv_20060928.txt Here you go These vulnerabilities are resolved in the following versions of OpenSSL: - in the 0.9.7 branch, version 0.9.7l (or later); - in the 0.9.8 branch, version 0.9.8d (or later). Aki Tuomi -- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
