Also sprach stayler: > > Hi Guys. > > This may seem a simplistic question but here it goes. I take it the > fix for this SSL exploit is to build the latest OpenSSL, 0.9.6g, and > then rebuild Apache against it? Or is it to rebuild modssl agains the > new libraries? I'd like to understand this a little better.
Strictly speaking, the worm (Slapper, I believe) exploits a problem in the OpenSSL code. Naytheless, upgrade to *at least* 0.9.6e of OpenSSL (I think it's already to 0.9.6g) and then rebuild all applications that use OpenSSL. According to the Apache web site (http://httpd.apache.org/), you should upgrade apache to 1.3.26 or 2.0.40, unless you are using UNIX, in which case, 2.0.39 should be safe. Kurt -- Life is like a simile. _______________________________________________ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
