I scanned my computer with rkhunter, I am currently running opensuse 10.3, and as a linux newbie was worried when I got this message;
openssl 0.9.8.e is vulnerable!
I tried posting on another forum which dealt with rkhunter issues, but was told this vulnerability was an opensuse issue?
I would love any help on this issue, for I had a similar issue with openssh (which got me hacked recently), but fixed that-now openssl is leaving me at a loss.
I have guarddog as a firewall, if that helps :slight_smile:

Are you up to date with your updates from OpenSUSE? If so then don’t worry about this case. Often what happens is that vendors like OpenSUSE will patch, for example, openssl with the fixes, but not update the version number/letter in order not to trigger a chain of dependency updates. However naive software that only tests the release version of the package will cry wolf.

Perhaps somebody with a 10.3 installation (not me anymore) can check their openssl version and report back to double check. The patchlevel number is important here.

rpm -q openssl

Thank you for the reply, i typed in the code and got;
will this leave me vulnerable?
I have also changed the openssh ports and blocked port 22.

openssh and openssl are not related. It’s a good idea to change the openssh port anyway.

That version number is the same as what I get from querying my old 10.3 partition which I stopped using end of June 2008. I don’t know if there were any updates after that. Perhaps somebody else actually using 10.3 can help the OP.