Is fedora core 2 x86_64 insecure ?
Paul Howarth
paul at city-fan.org
Thu Sep 30 11:03:23 UTC 2004
Vikas Kedia wrote:
> After a new install + yum update of FC2 x86_64 "root
> kit hunter" complains
>
> * Application version scan
> - OpenSSL 0.9.7a
> [ Vulnerable ]
> - OpenSSH 3.6.1p2
> [ Vulnerable ]
>
> Application scan
> Vulnerable applications: 2
>
> The latest version of OpenSSL is 0.9.7d
> and the latest version of openssh is 3.9
>
> Why does FC2 x86_64 use older versions of openssl and
> openssh ?
The security bugfixes introduced in the newer versions are backported to the
version used in the distribution, in order to reduce the impact of upgrades.
You can see the list of addressed issues by looking at the rpm changelog:
rpm -q --changelog openssl
Paul.
More information about the fedora-list
mailing list