Hi,
As I understand it OpenSSL v 0.9.7a and OpenSSH v 3.6.1p2 used in FC2 have had vulnerabilities for quite some time, as per the following advisories:
(http://www.openssl.org/news/secadv_20040317.txt) (http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:090)
My question is: are these vulnerabilities serious enough so that said libraries need to be updated, which leads to next question, as to where to find these updates (as there are presently none) on the FC2 updates mirror sites, in order to perform updates via "yum" for example?
TIA, and please forgive my ignorance if thats the case :)
Joseph
_________________________________________________________________
Check out Election 2004 for up-to-date election news, plus voter tools and more! http://special.msn.com/msn/election2004.armx
