If I had a Euro for each time this question gets asked... The openssl FAQ details that fact the Red Hat 7.x (onwards) uses backported versions. That is, if you have installed the Red Hat update to your version (either manually or using Red Hat Network at rhn.redhat.com) you are protected from currently known vulnerabilities.
The current supported openssl versions for Red Hat are: openssl-0.9.6-16 - 7.1 openssl-0.9.6b-32.7 - 7.2, 7.3 openssl-0.9.6b-33 - 8.0 openssl-0.9.7a-5 - 9.0 Of course, there is nothing to stop you building a separate version in a different directory. Unless you need to use patent restricted code there'll be no need. If you haven't built against one of these versions, you'll either need to recompile or use the Red Hat supplied mod_ssl package. Whichever you choose is up to you. - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] Evolution isn't true just because the majority of people think it is. > -----Original Message----- > From: Francisco Javier Martinez Martinez > [mailto:[EMAIL PROTECTED] > Sent: 12 June 2003 08:01 > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Upgrading to the lastest version, what happends with my > Apache-Mod_SSL? > > > Hello. > > I want to upgrade the OpenSSL to the 0.9.6j version to get > ride of the two > last vulnerabilities found in the previous versions of > OpenSSL. The system > is RedHat 7.x running Apache 1.3.27 with mod_ssl, both > compiled with APACI > method (configure, make & make install), an my question is: > > It is necessary once I had upgraded the OpenSSL to recompile > my Apache so > the mod_ssl could be linked to the new libraries of the > OpenSSL or only > with upgrading the openssl is the work done? > > Thanks in advance. Regards. > > > > > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
