Re: [cobalt-users] [RaQ4] FYI: Apache & SSL Update 2.0.1

["Dave Thurman (Mailing List Email)" <listonly@xxxxxxxxxxxxxxxxxxxx>]

on 10/5/02 2:48 PM, MC Gonzalez stated:

> Thanks Dave!  I followed this procedure on my development Raq4 and all
> seems to have gone well, it rebooted without problems, though I still
> also see openssl 0.9.6b as my version.  I had updated openssl manually
> when the exploits first were reported.  I also had previously updated
> Chilisoft.
> 
> I have my fingers crossed that things will go as well with my production
> box (also a Raq4, but without the Chilisoft update).
> 
> A question.  Do you think reinstalling Openssl 0.9.6g will do any harm
> or good?

We just did our last Raq4 with the security update. It has the bulk of
clients and SSL users. We didn't have any problems yet...

We also show 9.6b on the version check and yet it is showing okay at
netcraft. Gerald and I talked about the Chili!Soft issue. We don't use
Chili!Soft for our clients, but in trying to keep the box as close to Sun
way as possible we left it in and updated, even on the production box.
Gerald didn't do the Chili but he also stated he did the install from SSH
and when the update was completed it didn't ask for a reboot. When he
rebooted the web svc went down. We did the GUI install. Which with this new
knowledge just confuses the mix even more:)

I can't honestly answer if doing the OpenSSL-0.9.6g engine update will help.
It would be nice if a Sun tech would comment on what one should do or if
it's needed. I don't think this update addressed the OpenSSL issue of late.
So Solar Speed's and Gerald's methods, I would do as insurance.

Sorry can't answer that one.
-- 
Thanks!!
Dave Thurman
The Web Presence Group / www.webpresencegroup.net
Listonly <at> webpresencegroup.net / Spam Block 8^Q