On 11/20/2010 03:14 PM, Boyd Stephen Smith Jr. wrote: >> >Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a >> >security risk. Warning: Application 'openssl', version '0.9.8n', is out of >> >date, and possibly a security risk. Warning: Application 'sshd', version >> >'5.5p1', is out of date, and possibly a security risk. >> > >> > > > I does look like "gnupg" and "openssl" have received some updates since the > Lenny release, and "openssl" got some from the security team specifically. > "openssh-server" hasn't been updated since the Lenny release, AFAIK. > > If there is a specific vulnerability you are concerned about, asking on > debian-security for the status of a fix might be appropriate. As far as > unknown threats go, there may be security flaws in the Lenny versions that > are > fixed upstream, but there may also be new flaws introduced upstream and are > not in the Lenny versions. I am not so much concerned about about vulnerability as I am rkhunter giving me a warning about "up-2-date" apps.. openssl might concern me, because I use ssl.. same with ssh.. since MOST of what I do is behind my router, I am not very public internet facing.. I just don't like getting messages that tell me something is NOT uptodate, when I am ALWAYS up to date..
-- Paul Cartwright Registered Linux user # 367800 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4ce82f6e.3030...@pcartwright.com
