> The previous openssl errata at
> http://rhn.redhat.com/errata/RHSA-2002-160.html has no mention of the
> buffer overflows fixed on July 30th. This package was built on August
> 1st, so it is unlikely to include the 0.9.6d patches due to the time lag
> of testing patches by Red Hat.

On the www.redhat.com home page you will find a link about the Slapper
worm, http://www.redhat.com/support/alerts/linux_slapper_worm.html

Versions of OpenSSL that are not vulnerable to this worm have been
available from Red Hat since 29th July 2002. Customers who have kept their
systems up to date are not impacted by this worm.

http://rhn.redhat.com/errata/RHSA-2002-155.html was released on the 29th
of July and fixed the vulnerability that the Linux Slapper worm takes
advantage of.  We released a new version of OpenSSL a little later that
fixed one of the other vulnerabilities,
http://rhn.redhat.com/errata/RHSA-2002-160.html

If you upgraded to either of the OpenSSL errata and followed the
instructions about restarting your services you are protected against the
Linux Slapper worm.

Thanks, Mark
-- 
Mark J Cox / Security Response Team / Red Hat
Tel: +44 798 061 3110 // Fax: +44 870 1319174
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
