[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OpenSSL 0.9.7a seems to be vulnerable (was: Re: LKM Trojan)

Scootgirl said:

>Hi Rahul,

>I used that tool and it said everything on my system was OK except the 

>[16:55:09] Scanning OpenSSL...
>[16:55:09] /usr/bin/openssl found
>[16:55:09] Version 0.9.7a seems to be vulnerable (if unpatched)!
This is a very old version of OpenSSL 0.9.7 and has a known vulnerability, which was confirmed at the OpenSSL (www.openssl.org) web page.  OpenSSL 0.9.7 is now up to version 0.9.7e, released two weeks before FC3 was released.  I think that FC3 should have at least OpenSSL 0.9.7d.  Depending on how you installed FC/RH you can just download the source code and build OpenSSL.

>I wonder if this is a false positive since I use the up2date tool 
>frequently. If not, where can I get this patch?

Depending on which release you have, you might not get the latest and greatest release/updates.  That is why I tend to visit most of the sites that directly support additional software for my system on a semi-regular basis.  I will check my system to see which version of OpenSSL is installed, and if necessary, update it.  If I get the time, I may build an .rpm for OpenSSL and send it to the Extras site when it comes up.

James McKenzie
A Proud User of Linux!

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]