We were looking to upgrade to the latest and greatest of OpenSSL to plug what we
thought were vulnerabilities. We are running 0.9.7a, according to when we
pass the 'version' flag. However, according to RedHat the package we have
installed, via up2date, is patched to cover the latest vulnerabilities.

My inclination is to believe a vendor when they say things like it's XXX
version n, with all known vulnerability fixes thru version n+m.
Vendors often do this kind of thing, for the same reason you don't want to
upgrade RHEL installations.
/r$
--
SOA Appliances
Application Integration