[KLUG Members] Linux Worm

Adam Williams members@kalamazoolinux.org
21 Sep 2002 20:58:00 -0400


>Just a note to you that I heard about yesterday, I found out more
>tonight,
>http://www.wired.com/news/linux/0,1411,55172,00.html

Yep, it's been floating about for about a week.  It requires the server
be running Apache and OpenSSL 0.9.6d or before.  That version of OpenSSL
was released on May 9th.  Its predecessor 0.9.6e was released on July
30, so most production systems should have been patched.

If your RedHat OpenSSL package was compiled on or after the 29th of July
it contains patches that remedy this exploit even though the OpenSSL
version is prior to 0.9.6d.

http://www.redhat.com/support/alerts/linux_slapper_worm.html

-- 
----------------------------------------------------------------
This message undoubtedly processed by the purely benevolent "US
Department of Homeland Security",  but don't worry... their
only goal is to protect life, liberty and the pursuit of property.
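
The check described in the message above, as an added example that is not part of the original post: the version string alone does not settle whether a Red Hat package is fixed, so the script also looks at the package build time. The function names, the verdict words, the package name `openssl`, and reading "on or after the 29th of July" as 2002-07-29 00:00 UTC are assumptions.

```shell
#!/bin/sh
# Added example: classify an OpenSSL package by version and RPM build time.
# Assumption: the cutoff in the message is read as 2002-07-29 00:00:00 UTC.
CUTOFF=1027900800   # that instant as a Unix timestamp

# version_has_fix VERSION -> exit 0 if VERSION is 0.9.6e or later (hypothetical helper)
version_has_fix() {
    base=${1%%[a-z]*}          # numeric part, e.g. 0.9.6
    letter=${1#"$base"}        # patch letter, e.g. d (may be empty)
    IFS=. read -r maj min pat <<EOF
$base
EOF
    n=$(( ${maj:-0} * 10000 + ${min:-0} * 100 + ${pat:-0} ))
    [ "$n" -gt 906 ] && return 0
    [ "$n" -lt 906 ] && return 1
    case $letter in
        ''|[a-d]*) return 1 ;;   # 0.9.6 through 0.9.6d
        *)         return 0 ;;   # 0.9.6e and later letters
    esac
}

# classify VERSION BUILDTIME -> prints one verdict word (hypothetical helper)
# The build-time rule applies to Red Hat packages only, as stated in the message.
classify() {
    if version_has_fix "$1"; then
        echo fixed-upstream
    elif [ "$2" -ge "$CUTOFF" ]; then
        echo patched-by-backport      # old version string, build on/after cutoff
    else
        echo check-vendor-advisory    # old version and old build
    fi
}

# On an RPM-based host, query the installed package (name "openssl" assumed).
if command -v rpm >/dev/null 2>&1 &&
   out=$(rpm -q --qf '%{VERSION} %{BUILDTIME}\n' openssl 2>/dev/null); then
    set -- $out
    echo "openssl $1 (built $2): $(classify "$1" "$2")"
fi
```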