The recent ssl vulnerability
Todd Zullinger
tmz at pobox.com
Mon Nov 23 01:09:50 UTC 2009
Gene Heskett wrote:
> Is there any chance of getting the fixed openssl-0.9.8i for F10?
>
> This has stopped my ability to do any online banking, and with all
> the horror stories about regarding loss of X when upgrading to F12,
> I really don't want to destroy a working system just to get this
> security fixed library. What we F10 users have now:
> openssl-0.9.8g-14.fc10.i686
>
> So we are way more than one security fix behind.
Not really. Just because the version number isn't the very latest
doesn't mean the openssl maintainer hasn't backported security fixes.
In the case of the recent session renegotiation vulnerabilities, there
are some comments in bugzilla about why this has not been pushed as an
update yet: https://bugzilla.redhat.com/show_bug.cgi?id=533125#c37
I haven't read up on all the details, but wouldn't ensuring that your
bank had upgraded their systems be equally, if not more, important in
deciding whether you can trust them?
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Anyone who in discussion relies upon authority uses, not his
understanding, but rather his memory.
-- Leonardo Da Vinci
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20091122/f38f6f89/attachment-0001.sig>
More information about the fedora-list
mailing list