Further to my previous posting, I have been informed by Red Hat of the following:
"http://rhn.redhat.com/errata/RHSA-2002-155.html was released on the 29th of July and fixed the vulnerability that the Linux Slapper worm takes advantage of. We released a new version of OpenSSL a little later that fixed one of the other vulnerabilities, http://rhn.redhat.com/errata/RHSA-2002-160.html If you upgraded to either of the OpenSSL errata and followed the instructions about restarting your services you are protected against the Linux slapper worm. Just to explain how we can have a fix so quickly - The OpenSSL group gave vendors advance notice of the vulnerabilities giving us time to prepare updated packages in advance of their advisory." However, Red Hat (and others such as Suse) have been very quiet about this. They have not informed CERT or Bugtraq that this vulnerability is fixed in their latest version. I didn't even get told this when I rang their support department. - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] Reality TV - the ultimate oxymoron - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]