[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] solarspeed openssl package

Hi Michael,

thanks again for your time, this seems to have done the trick.

Marcus



From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
Reply-To: cobalt-security@xxxxxxxxxxxxxxx
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] solarspeed openssl package
Date: Tue, 1 Oct 2002 22:50:03 +0200

Hi Marcus,

> for those that installed the solarspeed security update 'RaQ4:
> Mod_SSL-2.8.4/OpenSSL-0.96g' on our raq's, what is the best course of
> action.

Well, it is as follows:
RaQ4-All-Security-2.0.1-2-15787.pkg fixes the /usr/lib/authenticate issues and a .htacess related problem, but NOT the mod_ssl/2.8.4 OpenSSL/0.9.6b Slapper 
vulnerability. Why Sun Cobalt didn't take the chance to fix two problems in
one patch is beyond my knowledge. Instead they'll most likely bother us with 
another Apache-PKG in two months time. :o(

So the recommended course of actions would be this:

1) Uninstall the Solarspeed PKG by running the uninstaller located at
/var/lib/cobalt/uninstallers/mod_ssl-2.8.4.uninst

2) Then apply RaQ4-All-Security-2.0.1-2-15787.pkg

3) Re-apply the Solarspeed's RaQ4: Mod_SSL-2.8.4/OpenSSL-0.96g PKG


--

With best regards,

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer

_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security





_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com