After a new install + yum update of FC2 x86_64 "root kit hunter" complains:
* Application version scan
- OpenSSL 0.9.7a [ Vulnerable ]
- OpenSSH 3.6.1p2 [ Vulnerable ]
Application scan Vulnerable applications: 2
The latest version of OpenSSL is 0.9.7d and the latest version of openssh is 3.9
Why does FC2 x86_64 use older versions of openssl and openssh?
The security bugfixes introduced in the newer versions are backported to the version used in the distribution, in order to reduce the impact of upgrades. You can see the list of addressed issues by looking at the rpm changelog:
rpm -q --changelog openssl
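
The changelog check described in the answer above, as an added example that is not part of the original posts: it looks up the advisory ids behind a version-based scanner finding in saved `rpm -q --changelog` output. The function names, the temporary file and the sample changelog are constructed for illustration, and the ids in it are placeholders, not real advisories.

```shell
#!/bin/sh
# Added example: triage a version-string scanner finding against the RPM changelog.

# Print every CVE/CAN identifier found in changelog text on stdin, one per line.
# CAN-YYYY-NNNN was the candidate form of a CVE name; both are normalised to CVE-.
changelog_ids() {
    grep -Eo '(CVE|CAN)-[0-9]{4}-[0-9]{4,}' | sed 's/^CAN-/CVE-/' | sort -u
}

# Usage: check_backports CHANGELOG_FILE ID...
# Prints "<id> fixed" or "<id> NOT-FOUND" for each id; returns 0 only if all were found.
check_backports() {
    file=$1; shift
    ids=$(changelog_ids < "$file")
    missing=0
    for id in "$@"; do
        want=$(printf '%s\n' "$id" | sed 's/^CAN-/CVE-/')
        if printf '%s\n' "$ids" | grep -qx -- "$want"; then
            echo "$id fixed"
        else
            echo "$id NOT-FOUND"
            missing=1
        fi
    done
    return $missing
}

# Constructed sample changelog (placeholder ids, hypothetical packager and releases).
sample_changelog() {
    cat <<'EOF'
* Wed Mar 17 2004 Packager <packager@example.com> 0.9.7a-35
- add security fix for CAN-0000-0001 and CAN-0000-0002
* Mon Jan 05 2004 Packager <packager@example.com> 0.9.7a-30
- backport fix for CVE-0000-0003
EOF
}

# Demo on the constructed sample. On a real system, replace the second line with:
#   rpm -q --changelog openssl > "$tmp"
tmp=$(mktemp)
sample_changelog > "$tmp"
check_backports "$tmp" CAN-0000-0001 CVE-0000-0003
rm -f "$tmp"
```

A NOT-FOUND result only means the changelog does not name that id; confirm against the distribution's security advisories before treating the package as unpatched.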