> -----Original Message----- > From: Vigilance [mailto:[EMAIL PROTECTED] > Sent: Thursday, 11 March 2004 20:02 > To: [EMAIL PROTECTED] > Subject: Openssl upgrade on Red Hat 7.3 question > > > > > > > > >I have a question about upgrading openssl on Redhat 7.3 > > > >I have been runnning openssl 0.9.6b for quite some time without > >problems. Now I see that there is apparently a psybnc > attack out there > >for apache port 443. I've had to shut down https until I > can get this fixed. > > > >I installed 0.9.6l which seemed to go in just fine. > However, Redhat is > >still using the old stuff because the new openssl went into > /usr/local/ssl > >and the old stuff is in /usr/bin. I don't see anything like > $SSL_HOME to set. > > > >There is an FAQ comment to not remove /usr/bin/openssl or it > will break > >sendmail and ssh but there is nothing in there about what to > do about > >it. I'm not too keen to just put in a link under these > circumstances. > > > >I'd really like to be able to take advantage of these new > feature/security > >fixes for at least apache and ideally also for ssh. What do > I need to do > >to get this to work? > > > >Please cc me as well as responding to the forum. > > > >Thanks in advance >
First of all, Red Hat 7.3 is no longer supported by Red Hat. However, if you had used all the security updates so far supplied by Red Hat, there would be no known security issues. There is a legacy project for Red Hat 7.3 but no updates for Apache, openssl or mod_ssl have been released since the end of last year, when support ceased. However, if you wish to use a different version of openssl with apache, you would be best advised to recompile both openssl and apache. Details of how to do this are in the openssl documentation. www.redhat.com and https://rhn.redhat.com are a good place to start. - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] Why do so many people who call themselves christians use the name of Jesus Christ as a swear word? - DISCLAIMER: NOTICE: The information contained in this email and any attachments is confidential and may be privileged. If you are not the intended recipient you should not use, disclose, distribute or copy any of the content of it or of any attachment; you are requested to notify the sender immediately of your receipt of the email and then to delete it and any attachments from your system. RNIB endeavours to ensure that emails and any attachments generated by its staff are free from viruses or other contaminants. However, it cannot accept any responsibility for any such which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
