[Techtalk] "Slapper" worm

Dave North dave at timocharis.com
Fri Sep 20 11:01:03 EST 2002


Of course, I knew when I posted the "obscure" comment about the SuSE patch
that they would finally have addressed the issue ... so during my daily
security rounds I find this as the latest post to the security notices:

> Date:                   Thu Sep 19 2002
>
> We have received numerous inquiries from SuSE users on whether the
> update packages provided by SuSE as part of SA:2002:027 fix this bug
> even though they do not contain the latest OpenSSL version recommended
> in various advisories.
>
> To clarify this, we would like to state that these packages DO FIX
> the bug exploited by the Slapper worm.

So it took almost a week, but they got around to clearing it up. The weird
part is, they may be among the first distributions to handle this question
publicly (clarify the version vs does it work? issue).


d




More information about the Techtalk mailing list