[TriLUG] [Fwd: CERT Advisory CA-2002-27 Apache/mod_ssl Worm]
Daniel T. Chen
crimsun at email.unc.edu
Sun Sep 15 12:42:54 EDT 2002
On 15 Sep 2002, Jeremy Katz wrote:
> Also note that version numbers can be misleading. A lot of vendors
> (from what I remember, I'll even hazard to say "most") actually just
> backported the patches to what they were shipping instead of bumping up
> to 0.9.6d as 0.9.6d is not binary compatible with previous releases of
> openssl. So double-check against your vendor's errata website and make
> sure you've got all of the current updates. Also be sure that you
> completely shut down and restart apache.
Indeed, I just upgraded a friend of mine's RH 7.2 webserver yesterday,
and the latest errata for openssl* have the patches backported from
0.9.6e. ``rpm -qi --changelog openssl'' is a beautiful thing. :)
---
Dan Chen crimsun at email.unc.edu
GPG key: www.unc.edu/~crimsun/pubkey.gpg.asc
More information about the TriLUG
mailing list