Fedora Users — Re: Is fedora core 2 x86

Re: Is fedora core 2 x86_64 insecure ?

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

Subject: Re: Is fedora core 2 x86_64 insecure ?

From: Paul Howarth <paul@xxxxxxxxxxxx>

Date: Thu, 30 Sep 2004 12:03:23 +0100

In-reply-to: <[email protected]>

References: <[email protected]>

Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922

Vikas Kedia wrote:

After a new install + yum update of FC2 x86_64 "root
kit hunter" complains

* Application version scan - OpenSSL 0.9.7a [ Vulnerable ] - OpenSSH 3.6.1p2 [ Vulnerable ]

Application scan
Vulnerable applications: 2

The latest version of OpenSSL is 0.9.7d
and the latest version of openssh is 3.9

Why does FC2 x86_64 use older versions of openssl and
openssh ?

The security bugfixes introduced in the newer versions are backported to the version used in the distribution, in order to reduce the impact of upgrades. You can see the list of addressed issues by looking at the rpm changelog:

rpm -q --changelog openssl

Paul.