[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OpenSSL 0.9.7a seems to be vulnerable (was: Re: LKM Trojan)



James Mckenzie wrote:
You are correct. However there were two security releases after this update. I still lean towards installing OpenSSL 0.9.7e directly from the OpenSSL web site. However, there may be a further release through the FC Updates site. In order to properly install the direct download, I would have to rpm -e (or yum remove) the installed rpm from FC and then install (and hope I don't break anything) the OpenSSL code. This is an "advantage" of living on the "Bleeding Edge".

Or: you could build an RPM of openssl 0.9.7e and rpm -Uvh that. You could try getting the SRPM for the FC3 openssl, swapping the 0.9.7e source in in place of the 0.9.7a source and removing the patches, then build it.


Paul.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]