Michael D. Schleif wrote: > Anybody care to shed light on the flurry of changes in openssl since > last week?
Perhaps this helps from the Redhat site? Redhat even recommends rebooting because the code is used so pervasively in Linux. http://rhn.redhat.com/errata/RHSA-2002-160.html "Updated OpenSSL packages are available for Red Hat Linux 6.2, 7, 7.1, 7.2, and 7.3. These updates fix multiple protocol parsing bugs which may be used in a denial of service (DoS) attack or cause SSL-enabled applications to crash. ... "Portions of the SSL protocol data stream, which include the lengths of structures which are being transferred, may not be properly validated. This may allow a malicious server or client to cause an affected application to crash or enter an infinite loop, which can be used as a denial of service (DoS) attack if the application is a server. It has not been verified if this issue could lead to further consequences such as remote code execution. ... "Solution "Because both client and server applications are affected by these vulnerabilities, we advise users to reboot their systems after installing these updates. ... Greg ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
