OpenSSL/SSH 0.9.7d for FC2
Charles Heselton
charles.heselton at gmail.com
Mon Jul 19 18:30:11 UTC 2004
On Mon, 19 Jul 2004 08:37:23 -0400 (EDT), William Hooper
<whooperhsd3 at earthlink.net> wrote:
>
> Charles Heselton said:
> [snip]
> > But I'd like to update the package to fix the security hole.
>
> What security hole? Please provide specifics (for example a CVE number).
>
> A quick look at cve.mitre.org only shows one open candidate for OpenSSL, CAN-2004-0607 (which hasn't been fixed by OpenSSL yet). Besides that, they have all been fixed since March.
>
> If you are just using version numbers to make a comparison, you really should read http://www.redhat.com/advice/speaks_backport.html
>
> --
> William Hooper
>
>
While it's entirely possible that I'm just getting confused on
version numbers between OpenSSL and OpenSSH, these are the CVE #'s that
I was looking to update:
CAN-2004-0079 - Null-pointer assignment during SSL handshake
CAN-2004-0112 - Out-of-bounds read affects Kerberos ciphersuites
CAN-2004-00811 - OpenSSL 0.9.6 before 0.9.6d infinite loop vulnerability
The resolution we chose at work was to upgrade to 0.9.7d. I was
looking to do the same for my FC2 box at home.
--
Charlie Heselton
Network Security Engineer