On Jul 11, 2011, at 1:23 PM, Dennis Kibbe wrote:
> On Sun, 2011-07-10 at 12:00 -0400, R P Herrold wrote:
>> On Sun, 10 Jul 2011, Lisa Kachold wrote:
>>
>>> Thanks - I am especially interested in seeing the SSL updated. Currently the
>>> "stable" SSL available from the repo for CentOS 5 is exploitable.
>>
>> There are no publicly known SSL issues in the openssl
>> maintained by CentOS
>>
>> Please state the CVE, or if a private zero day, Lisa, please
>> state the vector so I may set up a unit running the allegedly
>> vulnerable service or services [ie over http, smtp, pop,
>> whatever] for you to demonstrate this assertion
>>
>> -- Russ herrold
>
> One thing that people might not realize is that Red Hat back ports
> security fixes so you can't just look at the version number and assume
> that if it's not the latest it's flawed.

That definitely tripped me up when I first logged into a RH machine and the SSL version was years out of date (according to the SSL version number). After a little more digging I realized that RH was delivering patches.

alex
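
The point made in this thread, that a distribution package can carry backported security fixes its version string does not show, can be checked from the package changelog. The following is an added example, not part of the original messages: the changelog text, release numbers and CVE ids are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Decide whether a packaged build carries a backported fix by reading the
# RPM changelog instead of trusting the upstream version string.

# Constructed sample in the format printed by `rpm -q --changelog <pkg>`.
# Maintainer, release numbers, bug numbers and CVE ids are placeholders.
sample_changelog() {
cat <<'EOF'
* Tue Mar 01 2011 Example Maintainer <maint@example.invalid> 1.0.0-12
- fix CVE-0000-0002 - buffer handling in record parser (#000002)

* Mon Jan 10 2011 Example Maintainer <maint@example.invalid> 1.0.0-10
- fix CVE-0000-0001 - session renegotiation flaw (#000001)
- add missing man page

* Fri Nov 05 2010 Example Maintainer <maint@example.invalid> 1.0.0-8
- rebuild
EOF
}

# Read a changelog on stdin; print "<CVE id> <release that fixed it>" per fix.
backported_fixes() {
  awk '
    /^\* / { rel = $NF; next }   # entry header: last field is version-release
    {
      line = $0
      # A single changelog line may name several CVEs; collect each one.
      while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
        print substr(line, RSTART, RLENGTH), rel
        line = substr(line, RSTART + RLENGTH)
      }
    }' | sort -u
}

# Exit 0 if the changelog on stdin records a fix for the CVE id in $1.
has_fix() {
  backported_fixes | grep -q "^$1 "
}

# Demo on the constructed sample. On a real RPM-based host the input would be:
#   rpm -q --changelog openssl | backported_fixes
sample_changelog | backported_fixes
```

An id that is absent from the changelog means only that the packager did not record it there; the vendor's advisory for that CVE remains the authoritative answer.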
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us