Description of problem: CAN-2004-0079 and CAN-2004-0079 affect the openssl-0.9.7a packages shipped in Fedora Core 1. CAN-2004-0081 affects the openssl096 and openssl-096b compat packages shipped in Fedora Core 1. This is a tracker bug for this issue.
All this is fixed already for RH9. Why no rebuild and pushing it out for FC1?
Response at: http://www.redhat.com/archives/fedora-list/2004-March/msg03909.html
Strange, the "stuff", as you write it in your posting at the mailinglist is tested for RH9 - and what's up with RHEL3? There is an update available...untested?! So the latest update from OpenSSL for RHEL3 and Fedora Development don't differ much. I still can't understand why the problem is fixed in the old RH9 (which is near EOL), but also in the new RHEL3 which has approximately the same version as FC1/Rawhide, but there it isn't solved. ?:-|
FC1 update packages were made available for testing earlier today as per fedora-test posting. If you wish to accelerate progress of these updates then test the packages and post results here. Please keep any other discussion to the mailing list.
openssl-0.9.7a-33.10 Works For Me(tm) on the about 10 FC1 servers I installed it on so far. There have been no issues with it during upgrade/freshen and/or operation. Services in use are ssh, mod_ssl, imapd with ssl. I'll upgrade the rest during the weekend but am not expecting any problems. Just a confirmation that things seem to work.
Thanks Kaj for posting your feedback; the update was released last Friday.