Scootgirl said: >Hi Rahul, >I used that tool and it said everything on my system was OK except the >following: >[16:55:09] Scanning OpenSSL... >[16:55:09] /usr/bin/openssl found >[16:55:09] Version 0.9.7a seems to be vulnerable (if unpatched)! This is a very old version of OpenSSL 0.9.7 and has a known vulnerability, which was confirmed at the OpenSSL (www.openssl.org) web page. OpenSSL 0.9.7 is now up to version 0.9.7e, released two weeks before FC3 was released. I think that FC3 should have at least OpenSSL 0.9.7d. Depending on how you installed FC/RH you can just download the source code and build OpenSSL. >I wonder if this is a false positive since I use the up2date tool >frequently. If not, where can I get this patch? Depending on which release you have, you might not get the latest and greatest release/updates. That is why I tend to visit most of the sites that directly support additional software for my system on a semi-regular basis. I will check my system to see which version of OpenSSL is installed, and if necessary, update it. If I get the time, I may build an .rpm for OpenSSL and send it to the Extras site when it comes up. James McKenzie A Proud User of Linux!
