Re: rkhunter report

[Paul Cartwright <debian@pcartwright.com>]

On 11/20/2010 03:14 PM, Boyd Stephen Smith Jr. wrote:
>> >Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a
>> >security risk. Warning: Application 'openssl', version '0.9.8n', is out of
>> >date, and possibly a security risk. Warning: Application 'sshd', version
>> >'5.5p1', is out of date, and possibly a security risk.
>> >
>> > 
>
> I does look like "gnupg" and "openssl" have received some updates since the 
> Lenny release, and "openssl" got some from the security team specifically.  
> "openssh-server" hasn't been updated since the Lenny release, AFAIK.
>
> If there is a specific vulnerability you are concerned about, asking on 
> debian-security for the status of a fix might be appropriate.  As far as 
> unknown threats go, there may be security flaws in the Lenny versions that are 
> fixed upstream, but there may also be new flaws introduced upstream and are 
> not in the Lenny versions.
I am not so much concerned about about vulnerability as I am rkhunter
giving me a warning about "up-2-date" apps..
openssl might concern me, because I use ssl.. same with ssh.. since MOST
of what I do is behind my router, I am not very public internet facing..
I just don't like getting messages that tell me something is NOT
uptodate, when I am ALWAYS up to date..


-- 
Paul Cartwright
Registered Linux user # 367800