Some time ago, Jon burst forth this utterance:

> Okay folks, check your Apache webservers running mod_ssl and make sure they are up-to-date (version greater than 0.9.6d). There's a new bug in town and it breaks into Apache via a vulnerability in mod_ssl.

Jon, I have a question. When I read this I just shut down my web server as I didn't have time to patch it (still working the 80+ work weeks). Anyway, here's the history:

I was running openssl-0.9.6.3. I downloaded the latest RPM from Red Hat for my distro (7.1), which was the following file:

    openssl-0.9.6-13.i386.rpm

rpm -U --test openssl-0.9.6-13.i386.rpm showed no errors, so I upgraded.

Now my rpm -qa | grep ssl shows:

    openssl-0.9.6-13

Looking into more detail about the version (rpm -qi this time) I see the following:

    Name        : openssl          Relocations: (not relocateable)
    Version     : 0.9.6            Vendor: Red Hat, Inc.
    Release     : 13               Build Date: Thu 01 Aug 2002 02:57:06

Looking at the release date I'd say that it's fairly impossible that this is going to fix any bugs discovered after August 01, 2002. Correct?

So my website is still down (not a big deal, really) but I would like to get it back up and running sometime.

What is the process that Red Hat uses to update the RPMs at ftp://updates.redhat.com? When a bug is discovered, how long does it take for an updated RPM to appear, or am I expected to download the source and compile it myself?

Not a big deal really, and maybe I'm missing something as I've been awake for too long, but am I wrong in assuming that I'm still at risk with this bug? And how long until I can expect an updated RPM from Red Hat? And does anyone have a URL which details the process of how bugs are fixed and added to RPMs?

Thanks!

Greg
