OpenSSL 0.9.7a seems to be vulnerable (was: Re: LKM Trojan)

Alexander Dalloz ad+lists at uni-x.org
Wed Dec 1 01:09:12 UTC 2004


On Wed, 01.12.2004, scootgirl.com wrote at 2:04:

> Hi Rahul,
> 
> I used that tool and it said everything on my system was OK except the 
> following:
> 
> [16:55:09] Scanning OpenSSL...
> [16:55:09] /usr/bin/openssl found
> [16:55:09] Version 0.9.7a seems to be vulnerable (if unpatched)!
> 
> I wonder if this is a false positive since I use the up2date tool 
> frequently. If not, where can I get this patch?

> Karen

It's a false positive. Lame tools just checking for application version
numbers bring lame results. On distributions like Fedora with packages
which are nearly always patched such tools do mostly just irritate.
Check the bug reports and the RPM's changelog.

Alexander


-- 
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.9-1.6_FC2smp 
Serendipity 02:07:21 up 10 days, 20:54, load average: 0.77, 0.58, 0.46 
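
The changelog check recommended in the reply above, as an added example that is not part of the original message: it lists the advisory IDs a package changelog records as fixed, rather than relying on the upstream version string. The function names are hypothetical, and the sample changelog with its IDs is constructed placeholder data in the layout `rpm -q --changelog` prints.

```shell
#!/bin/sh
# Added example: read a package changelog and report which advisory IDs
# the packager says were fixed, independent of the upstream version number.

# Constructed sample in the layout `rpm -q --changelog` prints.
# The IDs and the packager are placeholders, not real advisories.
sample_changelog() {
cat <<'EOF'
* Mon Jan 01 2001 Example Packager <packager@example.invalid> 0.9.7a-99
- add security fix for CAN-0000-0001 (constructed placeholder)

* Sun Dec 31 2000 Example Packager <packager@example.invalid> 0.9.7a-98
- backport fixes for CVE-0000-0002 and CAN-0000-0001
- rebuild
EOF
}

# Read changelog text on stdin; print each distinct CVE-/CAN- ID once, sorted.
changelog_ids() {
    grep -Eo '(CVE|CAN)-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Read changelog text on stdin; succeed only if the ID in $1 is mentioned.
# CVE- and CAN- prefixes are treated as the same advisory number.
changelog_mentions() {
    num=${1#*-}    # strip the CVE-/CAN- prefix, keep YYYY-NNNN
    grep -Eq "(CVE|CAN)-${num}([^0-9]|\$)"
}

# Read changelog text on stdin; print the version-release of the newest
# entry (last field of the first "* " header line).
newest_release() {
    awk '/^\* / { print $NF; exit }'
}

# On an RPM system, feed the real changelog instead of the sample:
#   rpm -q --changelog openssl | changelog_ids
if [ "${1:-}" = "--demo" ]; then
    sample_changelog | changelog_ids
fi
```

An ID the scanner associates with the upstream version that is missing from this output is what to look up in the distribution's bug reports.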

