On Thu, Aug 15, 2002 at 04:01:57PM +0200, [EMAIL PROTECTED] wrote:
> I have read your OpenSSL Security Advisory (30 July 2002), where there is
> the recommendation to upgrade to OpenSSL 0.9.6e for those using 0.9.6d and
> earlier.
>
> We are using OpenSSL version 0.9.6a-9 and OpenSSH version 2.9p1-7. The OS is
> SuSE - Linux 7.2 (i386)
>
> You recommend also recompiling all applications using OpenSSL to provide SSL
> or TLS.
>
> I would like you to tell me what exactly is meant by "recompilation". Do I
> have to download the source code for OpenSSH (since I had already OpenSSH
> installed on the system as binary package) and compile again to take SSL or
> whatever changes in effect?
Normally you would have to do all that 0.9.6a and 0.9.6e (and later) are
not binary compatible. For this very reason, SuSE maintains its 0.9.6a
version itself and applied the necessary fixes. Therefore, if you download
a "0.9.6a" version from SuSE's update server, you should have everything
you need.
SuSE also has a "suse-security" mailing list and a "suse-security-announce"
mailing list. If you are a SuSE user (I use it on my private PC myself),
I would recommend you at least to subsribe to the -announce mailing list,
so that you are informed about any important security related update.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
