[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] solarspeed openssl package
- Subject: Re: [cobalt-security] solarspeed openssl package
- From: "Admin 2be4u Internetdiensten" <admin@xxxxxxxx>
- Date: Wed, 2 Oct 2002 13:13:13 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Michael,
Thx for the explenation, i had no problems at all and everything is running
fine.
(with chillisoft ASP release 3.6.2)
Michel
----- Original Message -----
From: "Michael Stauber" <cobalt@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Tuesday, October 01, 2002 10:50 PM
Subject: Re: [cobalt-security] solarspeed openssl package
> Hi Marcus,
>
> > for those that installed the solarspeed security update 'RaQ4:
> > Mod_SSL-2.8.4/OpenSSL-0.96g' on our raq's, what is the best course of
> > action.
>
> Well, it is as follows:
>
> RaQ4-All-Security-2.0.1-2-15787.pkg fixes the /usr/lib/authenticate issues
and
> a .htacess related problem, but NOT the mod_ssl/2.8.4 OpenSSL/0.9.6b
Slapper
> vulnerability. Why Sun Cobalt didn't take the chance to fix two problems
in
> one patch is beyond my knowledge. Instead they'll most likely bother us
with
> another Apache-PKG in two months time. :o(
>
> So the recommended course of actions would be this:
>
> 1) Uninstall the Solarspeed PKG by running the uninstaller located at
> /var/lib/cobalt/uninstallers/mod_ssl-2.8.4.uninst
>
> 2) Then apply RaQ4-All-Security-2.0.1-2-15787.pkg
>
> 3) Re-apply the Solarspeed's RaQ4: Mod_SSL-2.8.4/OpenSSL-0.96g PKG
>
>
> --
>
> With best regards,
>
> Michael Stauber
> mstauber@xxxxxxxxxxxxxx
> Unix/Linux Support Engineer
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>