On 18 Dec 2002 05:37:37 -0500 I got caught by this too. RedHat in their infinite wisdom provides update patches but they typically do not change the version number like the rest of the software community. OpenSSL.org and all of the security advisory sites will show version 0.9.6b as being vulnerable but the only way to verify which "RedHat" version you actually have is to look at the dash number and compare it against the package contents from the RedHat site. You can also compare the MD5 of the binaries.
host# rpm -q openssl host# openssl-0.9.6b-28 I've complained to RH about this as it creates a whole lot more effort to actually verify if a system is really vulnerable. Thank you RedHat ;-0 Bruce Forestal CISSP CCNA - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
