[ale] Redhats package naming convention

Jerry Z. Yu z.yu at voicecom.com
Tue Sep 17 10:56:46 EDT 2002 

	RedHat tends to back port patches to earlier version, instead of 
using vendor's new release with newer version number. This is probably 
done to keep the version # to avoid wrecking rpm dependencies.
	That leaves us users to read more carefully the RHSA pages. For 
openssl errata,
http://rhn.redhat.com/errata/RHSA-2002-160.html
http://rhn.redhat.com/errata/RHSA-2002-155.html


 On Tue, 17 Sep 2002, Billy Quinn wrote:

#All,
#
#I've downloaded openssl-0.9.6b-28 from redhat.com , which is their latest
#release of openssl. I'm trying to verify this fixes all of the exploits from
#the apache worm(" CERT Advisory CA-2002-27 Apache/mod_ssl Worm ")
# with regard to openssl exploits. I'm nearly sure it does , because the
#exploit for the worm seems to have been fixed in the release of the
#openssl-0.9.6b-24 release.
#
#I guess my question is , the number after 0.9.6b seems to be a build number
#- Redhat do not seem to change the version ( in the case the 0.9.6b) ?  I'm
#not intimately familiar with their package naming convention , and I need to
#make sure the build number increase is some kind of patching . In other
#distro's ( Mandrake ) , you can find rpm's for 0.9.6e and above which is
#what openssl group recommend - apparently Redhat just bump up the build
#number of the base package.
#
#Can anyone doubly verify that the openssl-0.9.6b-28 has all the patches to
#prevent SSL exploits ( like the openssl-0.9.6e-g releases from the openssl
#group ) ? I'm replacing some IIS servers , and last thing I want to do is
#have the Apache servers hit with that worm/SSL exploit  !
#
#
#Thanks
#Billy
#
#---
#This message has been sent through the ALE general discussion list.
#See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
#sent to listmaster at ale dot org.
#

Jerry Z. Yu				+1-404-487-8544 (O)
systems engineer			z.yu at voicecom.com
is support, voicecom, llc		www.voicecom.com


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list