Hi all Slightly off topic, but...
Can someone please enlighten me about how Redhat deal with OpenSSL RPM versions? One of my boxes says openssl 0.9.6b but I have updated several times since then with red-carpet and the version number never seems to change. Is it really still version 0.9.6b (i.e vulnerable), or is it some dodgy bodge that RH have done, where they have applied the patches/updates to the code, handed out an RPM with all the fixes, but havent changed the version number? Can I just install the latest OpenSSL from source on that box, or will that break the fragile RH install and interdependancies for the OpenSSL libs and stuff? I am just a bit worried that either my box is still vulnerable, or my reports are full of false positives for OpenSSL versions. Many thanks for any help/advice you can supply. it is greatly appreciated. (Right, off to upgrade to Nessus v1.2.7.... had to mention Nessus in here somewhere or i`d get kicked off the list :) -- Steve ------------------------------------------------- Steve Loughran, Network Infrastructure Manager Sony Computer Entertainment Europe (Cambridge) Yamaha YZF1000R Thunderace ICQ#: 104426046 - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
