So why do your telephone support people not know about this? They advised me
to log it on bugzilla in the first place. Why isn't this page linked to from
your errata site? That's where people look for updates. Why no information
to CERT or Bugtraq?

You're beginning to make Microsoft look professional, which is a scary
thought.

John

> -----Original Message-----
> From: Mark J Cox [mailto:[EMAIL PROTECTED]]
> Sent: 20 September 2002 12:25
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: Red Hat Linux update for Linux Slapper worm
> 
> 
> > The previous openssl errata at
> > http://rhn.redhat.com/errata/RHSA-2002-160.html has no mention of the
> > buffer overflows fixed on July 30th. This package was built on August
> > 1st, so it is unlikely to include the 0.9.6d patches due to the time lag
> > of testing patches by Red Hat.
> 
> On the www.redhat.com home page you will find a link about the slapper
> worm, http://www.redhat.com/support/alerts/linux_slapper_worm.html
> 
> Versions of OpenSSL that are not vulnerable to this worm have been
> available from Red Hat since 29th July 2002. Customers who have kept their
> systems up to date are not impacted by this worm.
> 
> http://rhn.redhat.com/errata/RHSA-2002-155.html was released on the 29th
> of July and fixed the vulnerability that the Linux Slapper worm takes
> advantage of. We released a new version of OpenSSL a little later that
> fixed one of the other vulnerabilities,
> http://rhn.redhat.com/errata/RHSA-2002-160.html
> 
> If you upgraded to either of the OpenSSL errata and followed the
> instructions about restarting your services you are protected against the
> Linux slapper worm.
> 
> Thanks, Mark
> -- 
> Mark J Cox / Security Response Team / Red Hat
> Tel: +44 798 061 3110 // Fax: +44 870 1319174
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
