[prev in list] [next in list] [prev in thread] [next in thread]
List: stunnel-users
Subject: Re: RedHat RPMS
From: Brian Hatch <bri () stunnel ! org>
Date: 2002-07-10 5:19:43
[Download RAW message or body]
> >What version of Stunnel are they shipping? If it's an older one that
> >didn't have any problems, then that's fine. Compare the version against
> >the list of Stunnel vulnerabilities.
>
> In RedHat 6.2, they shipped 3.10-2 (that is the version reported by 'rpm
> -q') and there has been no patch or update for this. It could be that this
> RPM is based on 3.10 with some fixes back-ported?
Porting security patches back to a known version (without additional
features and such that they haven't tested) is very very common (and
usually a good idea because it fixes the security problem without
adding new untested code to the distribution.)
IIRC, 3.10 has no known security-related bugs. Some bugs were
introduced after that, and fixed in 3.22.
--
Brian Hatch Do infants enjoy infancy
Systems and as much as adults enjoy
Security Engineer adultery?
http://www.ifokr.org/bri/
Every message PGP signed
[Attachment #3 (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic