On Fri, 28 Feb 2003, Tom Wilson wrote: > Hi all, > > In my efforts to get the latest version of Webmin on my proxy server(RH8 > box), I'm trying to upgrage a box to openssl-0.9.6g-1 from > openssl-0.9.6b-28. I built the rpms from source and when I did the
Why? Anything older than 0.9.6i has a know password exploit vulnerability. > My thought is to use the --replacefiles option since I don't care if the > actual openssl-0.9.6b binary is overwritten, I just want to keep the > older libraries. Will doing --replacefiles be a wise option or will it > replace the libraries too? Is this file conflict just the tip of the > iceberg of many more? > > This is a production box so I didn't want to go messing without getting > some input. If this is a production box then you need 0.9.6i, and nothing else. Otherwise you'll remain vulnerable. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lonni J Friedman [EMAIL PROTECTED] Linux Step-by-step & TyGeMo http://netllama.ipfox.com _______________________________________________ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
