The last word on the Linux Slapper worm

[John.Airey () rnib org uk (John.Airey () rnib org uk)]

My issue was not with the vendor not changing the version number of the
package with updates, which themselves are so staggeringly inconsistent to
make the process very difficult if not impossible, but with not advising the
users about the patch level. As I write, CERT still have no updates to the
alert at http://www.cert.org/advisories/CA-2002-27.html. Going by their
data, every Linux vendor exceot Red Hat is still vulnerable.

In this case the issue of not having a Red Hat package version matching the
latest version is in the openssl FAQ anyway (and I need to update it as it
applies to the last security patch at 0.9.6b).

Of course, it's fallacious to think that you always need the latest version.
For example, openssl 0.9.6g contains an update for code that is still in
beta testing.

(This time I'm only posting once. It went twice the last time due to my
overeagerness to post before and after subscribing!)

John 

- sigless due to hopeless Outlook Web Access.
- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk