Re: Redhat and OpenSSL Manner



Thank you very much :)

----- Original Message -----
From: "Aleksandar Milivojevic" <alex@xxxxxxxxxxxxxxx>
To: <redhat-list@xxxxxxxxxx>
Sent: Thursday, December 21, 2006 5:02 PM
Subject: Re: Redhat and OpenSSL Manner


Quoting Vahric MUHTARYAN <vahric@xxxxxxxxxxxx>:

Hello,

We are scanning our web servers for vulnerabilities, but I have a problem with one thing. I read that redhat never changes the version of openssl, but it is updating it. It just adds additional numbers behind the packet, like below, but I don't know whether this version is equal to 0.9.7l or 0.9.8d. Does anybody have knowledge about it?

openssl-0.9.7a-43.14

It's equivalent to 0.9.7a as originally distributed by the OpenSSL project, with security and bug fixes added to it by Red Hat. The package is always built from the version of the source it is claiming to be, with security and bug patches applied to it.

The rule of thumb is, the version is always what it says it is, with security and bug fixes backported from newer versions. In some cases, enhancements and new features might be backported from newer versions too if they are not introducing any compatibility problems (for example, this is often done for the kernel package in RHEL to support new hardware). Notice the keyword "backported" that I used. Red Hat does not use a new version of the source code. They just reimplement fixes into the old version as a series of patches. If you look into the SRPM packages, you'll see that they contain the original unchanged source code, which is the same version as the package version, and also a bunch of patches (security and bug fixes) that get applied to that source code prior to compilation.



--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
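
Added example, not part of the original thread: a small shell helper for triaging a scanner finding against a backported package, by splitting a string such as openssl-0.9.7a-43.14 into name, upstream version and Red Hat release, then searching the package changelog for the CVE id instead of comparing upstream version numbers. The function names, the changelog text and the CVE ids are constructed placeholders; on a real host the changelog would come from `rpm -q --changelog openssl`.

```shell
#!/bin/sh
# Split "name-version-release": the release follows the last '-',
# the upstream version sits between the last two '-' characters.
nvr_release() { printf '%s\n' "${1##*-}"; }
nvr_version() { v=${1%-*}; printf '%s\n' "${v##*-}"; }
nvr_name()    { v=${1%-*}; printf '%s\n' "${v%-*}"; }

# Read changelog text on stdin; succeed if the CVE id appears as a whole word.
changelog_has_fix() {
    grep -q -i -w -F -- "$1"
}

# usage: <changelog on stdin> | triage <name-version-release> <cve-id>
# A scanner that only compares the upstream version cannot see backports,
# so the changelog entry decides the verdict.
triage() {
    if changelog_has_fix "$2"; then
        verdict="fix backported"
    else
        verdict="not in changelog, check vendor advisory"
    fi
    printf '%s upstream=%s release=%s %s: %s\n' \
        "$(nvr_name "$1")" "$(nvr_version "$1")" "$(nvr_release "$1")" \
        "$2" "$verdict"
}

# Constructed sample changelog (placeholder CVE ids, not real rpm output).
sample_changelog() {
cat <<'EOF'
* Thu Dec 21 2006 Example Packager <packager@example.com> 0.9.7a-43.14
- backport fix for CVE-0000-0001 from a newer upstream release
* Wed Dec 20 2006 Example Packager <packager@example.com> 0.9.7a-43.13
- fix a build problem on 64-bit platforms
EOF
}

# Stand-alone demonstration on the constructed data.
sample_changelog | triage openssl-0.9.7a-43.14 CVE-0000-0001
sample_changelog | triage openssl-0.9.7a-43.14 CVE-0000-0002
```

A "not in changelog" result is not proof of exposure; it only means the finding has to be checked against the vendor's advisory for that CVE.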



