On Fri, 1 Feb 2008 12:49:10 -0500 "Paul A" <razor at meganet.net> took out a #2 pencil and scribbled: > Hi, > > I was compiling a new version of bind on my centos 4.6 server and > I discovered that the openssl version > (openssl-0.9.7a-43.17.el4_6.1) has several exploits associated > with it. I was wondering aside from removing the RPM and > compiling a new version of openssl how can I upgrade my current > openssl-0.9.7a-43.17.el4_6.1 to a newer version that is affected > by the exploits. I know I can yum update openssl as that's is the > last version for openssl for version 4. > > What can I do upgrade openssl? > Is it possible to update the server from 4.6 to 5?, is this > something that I want to do or is there a better way? > > > TIA, Paul Security fixes are backported, so the version number is not a good indicator of security vulnerabilities. You may wish to look at the change log associated with the rpm. rpm -q --changelog openssl HTH -- ethericalzen at gmail.com Life is a prison, death is a release