The recent ssl vulnerability
Gene Heskett
gene.heskett at verizon.net
Mon Nov 23 01:22:53 UTC 2009
On Sunday 22 November 2009, Todd Zullinger wrote:
>Gene Heskett wrote:
>> Is there any chance of getting the fixed openssl-0.9.8i for F10?
>>
>> This has stopped my ability to do any online banking, and with all
>> the horror stories about regarding loss of X when upgrading to F12,
>> I really don't want to destroy a working system just to get this
>> security fixed library. What we F10 users have now:
>> openssl-0.9.8g-14.fc10.i686
>>
>> So we are way more than one security fix behind.
>
>Not really. Just because the version number isn't the very latest
>doesn't mean the openssl maintainer hasn't backported security fixes.
>
>In the case of the recent session renegotiation vulnerabilities, there
>are some comments in bugzilla about why this has not been pushed as an
>update yet: https://bugzilla.redhat.com/show_bug.cgi?id=533125#c37
>
>I haven't read up on all the details, but wouldn't ensuring that your
>bank had upgraded their systems be equally, if not more, important in
>deciding whether you can trust them?
>
True, but I have little control over that other than threatening to move my
money. That has generally been sufficient so far, and has cured several
cases of blue smoke emitting from both my ears. :-) But this was I read, a
problem on my end, not the banks problem. This one I was under the
impression was up to me to fix. Is this not the case? Both ends have to be
fixed?
Please elaborate.
Thanks.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>
Am I in GRADUATE SCHOOL yet?
More information about the fedora-list
mailing list