In order to maintain compatibility, RedHat wouldn't release the new version of the software. Instead, they'd "backport" the security fix. This means that they'd take a look at the code that fixes the problem in the new version, then modify it so that it would work in the version that they'd shipped with RHL 9. As long as you had the last available update from RH, you're secure. Ben ----- Original Message ----- From: "Rhugga" <redhat@xxxxxxxxxxx> To: <redhat-list@xxxxxxxxxx> Sent: Thursday, May 06, 2004 5:12 PM Subject: RH 9's openssl?? > > This may be a stupid question but I have not been keeping up on > things... I know there have been numerous vulnerabilities discovered in > openssl-0.9.7x and it seems RH 9, even the latest update, is still > openssl-0.9.7a... > > I notice the minor version has changed (I think openssl-0.9.7a-20 is the > latest update) but not the core version. Is there a reason Red Hat is > lagging on this? > > Is everyone rolling there own builds of openssl? > > Thx, > keg > > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
