OpenSSL 0.9.7a seems to be vulnerable (was: Re: LKM Trojan)

Paul Howarth paul at city-fan.org
Wed Dec 1 16:19:46 UTC 2004


James Mckenzie wrote:
> You are correct.  However there were two security releases after this update.  I still lean towards installing OpenSSL 0.9.7e directly from the OpenSSL web site.  However, there may be a further release through the FC Updates site.  In order to properly install the direct download, I would have to rpm -e (or yum remove) the installed rpm from FC and then install (and hope I don't break anything) the OpenSSL code.  This is an "advantage" of living on the "Bleeding Edge".

Or: you could build an RPM of openssl 0.9.7e and rpm -Uvh that. You could try 
getting the SRPM for the FC3 openssl, swapping the 0.9.7e source in in place 
of the 0.9.7a source and removing the patches, then build it.

Paul.
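The spec-file half of the rebuild suggested above, as an added example that is not part of the original message: bump the version, drop the patch lines, and list what was dropped so the removed fixes can be reviewed before upgrading. The function names, the sample spec and the file names in the comments are constructed for illustration and are not taken from the real FC3 package.

```shell
#!/bin/sh
# Constructed sample spec; the real FC3 openssl.spec is not reproduced here.
SAMPLE_SPEC='Name: openssl
Version: 0.9.7a
Release: 1
Source0: openssl-%{version}.tar.gz
Patch0: openssl-constructed-fix1.patch
Patch1: openssl-constructed-fix2.patch
%prep
%setup -q
%patch0 -p1
%patch1 -p1 -b .fix2'

# dropped_patches < old.spec
# Print the patch files the rebuild will no longer apply. Review this list:
# anything on it that is not already in the new upstream source is lost.
dropped_patches() {
    sed -n -E 's/^Patch[0-9]*:[[:space:]]*//p'
}

# respin_spec NEW_VERSION < old.spec > new.spec
# Set Version: to NEW_VERSION and delete every PatchN: declaration and
# every %patchN application, leaving the rest of the spec untouched.
respin_spec() {
    new_version=$1
    sed -E \
        -e "s/^(Version:[[:space:]]*).*/\1${new_version}/" \
        -e '/^Patch[0-9]*:/d' \
        -e '/^%patch[0-9]*([[:space:]]|$)/d'
}

echo "Patches that will be dropped:"
printf '%s\n' "$SAMPLE_SPEC" | dropped_patches
echo "Rewritten spec:"
printf '%s\n' "$SAMPLE_SPEC" | respin_spec 0.9.7e

# On a real system the surrounding steps would be (placeholder names):
#   rpm -ivh <openssl SRPM>            # unpack spec and sources
#   respin_spec 0.9.7e < openssl.spec > openssl-new.spec
#   rpmbuild -ba openssl-new.spec      # with the 0.9.7e tarball in SOURCES
#   rpm -Uvh <resulting openssl RPMs>
```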



