We were looking to upgrade to the latest and greatest of OpenSSL to plug what we thought were vulnerabilities. We are running 0.9.7a, according to what we get when we pass the 'version' flag. However, according to Red Hat, the package we have installed, via up2date, is patched to cover the latest vulnerabilities up to 0.9.8b.
I am not too crazy about the fact that version says otherwise and that our external network auditor says our headers also show the same. So I am reaching out to get a general consensus and to see if perhaps others have gotten past this. Our options at this point are:

1.) Leave it and believe what Red Hat says to be true.
2.) Upgrade to RHEL 4, as RH says that the latest package in RHEL 4 will update the header. Yet I'd rather that not be the driving factor for a complete upgrade.
3.) Figure out how to strip out OpenSSL and all the RH dependencies to install it via the source.

Any thoughts?

-Mark

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
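
An added example, not part of the original message or of Red Hat's tooling: when a vendor backports fixes without changing the upstream version string, the package changelog is a better record to check than the `version` output or a banner. The script below assumes the changelog text comes from `rpm -q --changelog openssl` and that each entry header ends in the version-release; the changelog, release numbers and CVE ids embedded here are constructed placeholders, and `sample_changelog` and `cve_status` are names made up for this example.

```shell
#!/bin/sh
# Added example. On a live host, pass "$(rpm -q --changelog openssl)" as the
# first argument instead of the constructed sample below.

# Constructed changelog, newest entry first as rpm prints it.
# Release numbers and CVE ids are placeholders, not real advisories.
sample_changelog() {
cat <<'EOF'
* Tue Jan 02 2007 Packager <packager@example.com> 0.9.7a-99.2
- fix CVE-0000-0002 (placeholder: backported parser fix)

* Mon Sep 04 2006 Packager <packager@example.com> 0.9.7a-99.1
- fix CVE-0000-00011 (placeholder: backported signature check fix)
EOF
}

# cve_status CHANGELOG_TEXT CVE_ID...
# Prints "<id> fixed-in <version-release>" or "<id> MISSING" for each id.
# Returns 0 only when every id appears in the changelog.
cve_status() {
    changelog=$1; shift
    rc=0
    for cve in "$@"; do
        rel=$(printf '%s\n' "$changelog" | awk -v id="$cve" '
            /^\* / { rel = $NF }   # entry header: last field is version-release
            {
                i = index($0, id)
                # Reject prefix hits, e.g. CVE-0000-0001 inside CVE-0000-00011.
                if (i && substr($0, i + length(id), 1) !~ /[0-9]/) { print rel; exit }
            }')
        if [ -n "$rel" ]; then
            echo "$cve fixed-in $rel"
        else
            echo "$cve MISSING"; rc=1
        fi
    done
    return $rc
}

# Demo on the constructed data: two ids present, one absent.
cve_status "$(sample_changelog)" CVE-0000-0002 CVE-0000-00011 CVE-0000-0001 || true
```

The per-id output can be handed to an auditor alongside the installed package's version-release (`rpm -q openssl`) as evidence for findings raised from the version string alone.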