Red Hat Linux update for Linux Slapper worm

Red Hat Linux update for Linux Slapper worm

am 20.09.2002 12:31:18 von John.Airey

Further to my previous posting, I have been informed by Red Hat of the
following:

"http://rhn.redhat.com/errata/RHSA-2002-155.html was released on the 29th of
July
and fixed the vulnerability that the Linux Slapper worm takes advantage of.
We
released a new version of OpenSSL a little later that fixed one of the other
vulnerabilities, http://rhn.redhat.com/errata/RHSA-2002-160.html

If you upgraded to either of the OpenSSL errata and followed the
instructions
about restarting your services you are protected against the Linux slapper
worm.

Just to explain how we can have a fix so quickly - The OpenSSL group gave
vendors advance notice of the vulnerabilities giving us time to prepare
updated
packages in advance of their advisory."

However, Red Hat (and others such as Suse) have been very quiet about this.
They have not informed CERT or Bugtraq that this vulnerability is fixed in
their latest version. I didn't even get told this when I rang their support
department.

-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk

Reality TV - the ultimate oxymoron


-

NOTICE: The information contained in this email and any attachments is
confidential and may be legally privileged. If you are not the
intended recipient you are hereby notified that you must not use,
disclose, distribute, copy, print or rely on this email's content. If
you are not the intended recipient, please notify the sender
immediately and then delete the email and any attachments from your
system.

RNIB has made strenuous efforts to ensure that emails and any
attachments generated by its staff are free from viruses. However, it
cannot accept any responsibility for any viruses which are
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email
and any attachments are those of the author and do not necessarily
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org