[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] solarspeed openssl package

Subject: Re: [cobalt-security] solarspeed openssl package
From: Eugene Crosser <crosser@xxxxxxxxxxx>
Date: 02 Oct 2002 08:51:10 +0400
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Wed, 2002-10-02 at 00:50, Michael Stauber wrote:

> RaQ4-All-Security-2.0.1-2-15787.pkg fixes the /usr/lib/authenticate issues and 
> a .htacess related problem, but NOT the mod_ssl/2.8.4 OpenSSL/0.9.6b Slapper 
> vulnerability. Why Sun Cobalt didn't take the chance to fix two problems in 
> one patch is beyond my knowledge. Instead they'll most likely bother us with 
> another Apache-PKG in two months time. :o(

Michael,

are you certain about this?  Or did you figure from the openssl version
that apache reports?  The point is that they may have build mod_ssl
against openssl-0.9.6b-24 RPM that, despite its version, allegedly has
slapper-exploitable vulnerabilities fixed.

Eugene

Follow-Ups:
- Re: [cobalt-security] solarspeed openssl package
  - From: Michael Stauber

References:
- [cobalt-security] solarspeed openssl package
  - From: marcus miller
- Re: [cobalt-security] solarspeed openssl package
  - From: Michael Stauber

Prev by Date: [cobalt-security] security patches
Next by Date: Re: [cobalt-security] security guidelines
Previous by thread: Re: [cobalt-security] solarspeed openssl package
Next by thread: Re: [cobalt-security] solarspeed openssl package

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index