RE: [rhn-users] update now and openssl questions...

[Bret McMillan <bretm redhat com>]

On Tue, 29 Apr 2003, DB wrote:

> The Linux guru that I sometimes rely on told me that RH will often have
> their own version, or a different version number of mods like mod_ssl or
> other rpm's that have been patched for security breaches or bug fixes, is
> this correct?

Yup.

> I was wondering if so, how would I know if the openssl patch on the openssl
> site is the same thing I would be getting on the red hat site?  Is rh as
> current or more up to date for bug fixes for mods than other sources?

A question I can give no unbiased answer to :)  For my $, I'd go w/ RH 
packages *every time*.  But that's just me :)

As for knowing whether certain packages fix particular issues, you can 
take a look at an errata:
https://rhn.redhat.com/errata/RHSA-2003-101.html

Note the CVEs listed?  The term stands for "Common Vunerabilities and 
Exposures" ... so I'd try to get a list of CVEs/CANs from the alternate 
source, and then see if the RH errata solves those.  http://cve.mitre.org/ 
to learn more.

Bret