You can disregard the following email if you don't use Red Hat Linux 7.0 and
above.

Having waited for an update to openssl from RedHat, I decided to call them.
They've not had anyone ask them for an update, which came as a bit of a
shock. I have therefore registered a request to release an update to openssl
via their bugzilla site. For information, the vulnerability that Linux
Slapper takes advantage of was fixed in openssl on 30th July. See
http://www.cert.org/advisories/CA-2002-23.html for details.

The previous openssl errata at
http://rhn.redhat.com/errata/RHSA-2002-160.html has no mention of the buffer
overflows fixed on July 30th. This package was built on August 1st, so it is
unlikely to include the 0.9.6d patches due to the time lag of testing
patches by Red Hat.

You can add your comments to the bug report at
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=74312. If I haven't
heard from them soon, I will probably release an update myself.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] 

Reality TV - the ultimate oxymoron


- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to