Lib dependencies again
Net Llama!
netllama
Mon May 17 11:44:56 PDT 2004
On Fri, 28 Feb 2003, Tom Wilson wrote:
> Hi all,
>
> In my efforts to get the latest version of Webmin on my proxy server(RH8
> box), I'm trying to upgrage a box to openssl-0.9.6g-1 from
> openssl-0.9.6b-28. I built the rpms from source and when I did the
Why? Anything older than 0.9.6i has a know password exploit
vulnerability.
> My thought is to use the --replacefiles option since I don't care if the
> actual openssl-0.9.6b binary is overwritten, I just want to keep the
> older libraries. Will doing --replacefiles be a wise option or will it
> replace the libraries too? Is this file conflict just the tip of the
> iceberg of many more?
>
> This is a production box so I didn't want to go messing without getting
> some input.
If this is a production box then you need 0.9.6i, and nothing else.
Otherwise you'll remain vulnerable.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Lonni J Friedman netllama at linux-sxs.org
Linux Step-by-step & TyGeMo http://netllama.ipfox.com
More information about the Linux-users
mailing list