[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] solarspeed openssl package

Subject: Re: [cobalt-security] solarspeed openssl package
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Tue, 01 Oct 2002 15:05:20 -0700
Organization: nobaloney.net
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

marcus miller wrote:

> for those that installed the solarspeed security update 'RaQ4:
> Mod_SSL-2.8.4/OpenSSL-0.96g' on our raq's, what is the best course of
> action.

I just got off the phone with Michael.  Best, and perhaps most important
is to realize that the ssl update does NOT fix the "slapper worm"
problem.

Second, it does DOWNGRADE the SSL.

I don't see any reason why it might cause incompatibility with future
updates, but of course when Sun Cobalt comes out with their next
operating system level revision it _will_ write over the solarspeed
fixes to core components anyway.

Michael does read this list; I imagine he'll make an announcement by
tomorrow.  You _can_ install the Cobalt fix if you want.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net, P. O. Box 52672, Riverside, CA  92517
voice: +1 909 778-9980  *  fax: +1 909 548-9484

References:
- [cobalt-security] solarspeed openssl package
  - From: marcus miller

Prev by Date: Re: [cobalt-security] Licensing... was: openssl upgrade - PKG for the RaQ4 available
Next by Date: [cobalt-security] new sun cobalt patch
Previous by thread: Re: [cobalt-security] Ddos Prevention thru Throttleing
Next by thread: Re: [cobalt-security] solarspeed openssl package

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index