Firewall Wizards mailing list archives
Re: I cannot install Firestarter
From: "Paul D. Robertson" <proberts () patriot net>
Date: Wed, 15 Jan 2003 09:40:36 -0500 (EST)
On Wed, 15 Jan 2003, Martin Peikert wrote:

[I'm going to nuke this thread unless something interesting comes up, but I'd like to point out a few things...]

>> Actually, if you sign up for RedHat's RHN service, then you can use the
> ^^^^^^^^^^^^^^
> Right. You have to sign up if you want to use up2date, but that service is not free - you have to pay for that what you can get free if you use apt. Ok, that isn't really my problem...

1. You can get one free account, or at least you could at one point. If you purchase the distribution, you can get one free account for sure.
2. Someone had a server out that looked to be functional if you wanted to roll your own server side.

> Last December I needed to update a box where RH7.2 was installed and tried to use up2date for that purpose. I already knew that the version of openssl that was installed was buggy, but up2date didn't help to update that package to an acceptable version - the newest available was openssl-0.9.6b. As you know, that version was known as insecure long before December. I took the sources and built my own rpm.

It's worth noting that just checking version numbers on RedHat *isn't* a good way to figure out if a package is or isn't vulnerable. RedHat adds that third number because they often add patches to packages without upgrading to the latest and greatest. For instance, for OpenSSL, if you look at the errata for the fixes done in August of 2002, you'll see that for RedHat 6.2, they updated 0.9.5a (-29, which indicates a bunch of RH patching), but in the same errata note, they updated 0.9.6b (-13) for 7.0 and 7.1 and 0.9.6b (-28) for 7.2.

So, it's worth noting, though I don't know the specifics of the bug you're talking about, it's very possible that up2date did actually fix your OpenSSL, and that you just weren't aware of it.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
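The point about release numbers in the message above, as an added example that is not part of the original post: a check that looks only at the upstream version flags a backport-patched package as vulnerable, while a check against the per-distribution errata build does not. The errata builds are the ones named in the message; the upstream threshold `0.9.6e`, the installed release `-8`, the function names and the simplified version ordering are assumptions made for illustration.

```python
import re

# Errata builds named in the message (August 2002 OpenSSL errata), keyed by
# Red Hat Linux release: (version, release) of the fixed package.
FIXED_BUILDS = {
    "6.2": ("0.9.5a", "29"),
    "7.0": ("0.9.6b", "13"),
    "7.1": ("0.9.6b", "13"),
    "7.2": ("0.9.6b", "28"),
}
# Assumption: the upstream version a naive scanner would demand (not from the message).
NAIVE_UPSTREAM_MIN = "0.9.6e"

def rpmvercmp(a, b):
    """Simplified rpm-style ordering: compare runs of digits or letters in turn."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment outranks alpha
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def naive_check(version):
    """Upstream-version-only test: True (vulnerable) if below the upstream fix."""
    return rpmvercmp(version, NAIVE_UPSTREAM_MIN) < 0

def errata_check(distro, version, release):
    """True (vulnerable) only if version-release predates the errata build."""
    fixed_ver, fixed_rel = FIXED_BUILDS[distro]
    c = rpmvercmp(version, fixed_ver)
    if c == 0:
        c = rpmvercmp(release, fixed_rel)     # same upstream version: release decides
    return c < 0

def report(distro, nvr):
    """Split name-version-release and run both checks."""
    name, version, release = nvr.rsplit("-", 2)
    return {"package": name, "naive": naive_check(version),
            "errata": errata_check(distro, version, release)}

if __name__ == "__main__":
    # Constructed sample inventory: (distro release, installed package NVR).
    for distro, nvr in [("7.2", "openssl-0.9.6b-8"), ("7.2", "openssl-0.9.6b-28"),
                        ("6.2", "openssl-0.9.5a-29")]:
        print(distro, nvr, report(distro, nvr))
```

On a live system the installed version and release come from `rpm -q openssl`, and `rpm -q --changelog openssl` lists the patches the vendor applied to that build.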