[ale] Redhats package naming convention

Billy Quinn bquinn at ersconnect.com
Tue Sep 17 10:58:51 EDT 2002 

Thanks for the verification Jerry, thats what I figured. 

Billy

> ----------
> From: 	Jerry Z. Yu[SMTP:z.yu at voicecom.com]
> Sent: 	Tuesday, September 17, 2002 10:56 AM
> To: 	Billy Quinn
> Cc: 	'ale at ale.org'
> Subject: 	Re: [ale] Redhats package naming convention
> 
> 	RedHat tends to back port patches to earlier version, instead of 
> using vendor's new release with newer version number. This is probably 
> done to keep the version # to avoid wrecking rpm dependencies.
> 	That leaves us users to read more carefully the RHSA pages. For 
> openssl errata,
> http://rhn.redhat.com/errata/RHSA-2002-160.html
> http://rhn.redhat.com/errata/RHSA-2002-155.html
> 
> 
>  On Tue, 17 Sep 2002, Billy Quinn wrote:
> 
> #All,
> #
> #I've downloaded openssl-0.9.6b-28 from redhat.com , which is their latest
> #release of openssl. I'm trying to verify this fixes all of the exploits
> from
> #the apache worm(" CERT Advisory CA-2002-27 Apache/mod_ssl Worm ")
> # with regard to openssl exploits. I'm nearly sure it does , because the
> #exploit for the worm seems to have been fixed in the release of the
> #openssl-0.9.6b-24 release.
> #
> #I guess my question is , the number after 0.9.6b seems to be a build
> number
> #- Redhat do not seem to change the version ( in the case the 0.9.6b) ?
> I'm
> #not intimately familiar with their package naming convention , and I need
> to
> #make sure the build number increase is some kind of patching . In other
> #distro's ( Mandrake ) , you can find rpm's for 0.9.6e and above which is
> #what openssl group recommend - apparently Redhat just bump up the build
> #number of the base package.
> #
> #Can anyone doubly verify that the openssl-0.9.6b-28 has all the patches
> to
> #prevent SSL exploits ( like the openssl-0.9.6e-g releases from the
> openssl
> #group ) ? I'm replacing some IIS servers , and last thing I want to do is
> #have the Apache servers hit with that worm/SSL exploit  !
> #
> #
> #Thanks
> #Billy
> #
> #---
> #This message has been sent through the ALE general discussion list.
> #See http://www.ale.org/mailing-lists.shtml for more info. Problems should
> be 
> #sent to listmaster at ale dot org.
> #
> 
> Jerry Z. Yu				+1-404-487-8544 (O)
> systems engineer			z.yu at voicecom.com
> is support, voicecom, llc		www.voicecom.com
> 

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list