[CentOS] Openssl vulnerability - SSL/TLS Renegotiation Handshakes
Stephen Harris
lists at spuddy.org
Tue Aug 6 10:50:51 UTC 2013
On Tue, Aug 06, 2013 at 04:01:12PM +0530, Anumeha Prasad wrote:
> Hi,
>
> I'm currently at CentOS 5.8. I'm using openssl version
> openssl-0.9.8e-22.el5. The following vulnerability was reported by a Nessus
> security scan:

Don't trust Nessus scans.

> As per following link, Redhat has introduced openssl-0.9.8m which fixes
> this specific issue:
>
> https://access.redhat.com/site/articles/20490#Updates_adding_RFC_5746_support

If you follow that link it points to
https://rhn.redhat.com/errata/RHSA-2010-0162.html (openssl-0.9.8e-12.el5_4.6)
as having the fix.

Which is superseded by
https://rhn.redhat.com/errata/RHSA-2013-0587.html (openssl-0.9.8e-26.el5_9.1)

The version numbers reported by RedHat do not always match the version
numbers reported by upstream because RedHat backports fixes into older
versions.

According to the very pages you linked to, the flaw has been addressed
by RedHat in the 0.9.8e-12 and newer packages.

--
rgds
Stephen
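
Added example, not part of the original message: a simplified RPM-style comparison showing why a check against the upstream version (0.9.8m, as cited in the question) flags the installed package while a check against the errata release (0.9.8e-12.el5_4.6) shows the fix is present. The function names are hypothetical, and the comparison is a reduced form of rpm's ordering that ignores epochs and `~`/`^` markers.

```python
import re

def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpm ordering: split into digit and letter runs, compare pairwise."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run sorts above a letter run
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with extra segments is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def compare_vr(installed: str, other: str) -> int:
    """Compare 'version-release' strings: version first, then release."""
    iv, ir = installed.split("-", 1)
    ov, orel = other.split("-", 1)
    return rpmvercmp(iv, ov) or rpmvercmp(ir, orel)

def naive_upstream_check(installed: str, upstream_fixed: str) -> bool:
    """What a version-only check does: ignore the release, compare to upstream."""
    return rpmvercmp(installed.split("-", 1)[0], upstream_fixed) >= 0

def has_backported_fix(installed: str, errata_fixed: str) -> bool:
    """Correct check for a backporting distro: compare against the errata package."""
    return compare_vr(installed, errata_fixed) >= 0

# Values taken from the thread above.
INSTALLED = "0.9.8e-22.el5"
UPSTREAM_FIXED = "0.9.8m"
ERRATA_FIXED = "0.9.8e-12.el5_4.6"     # RHSA-2010-0162
LATEST_ERRATA = "0.9.8e-26.el5_9.1"    # RHSA-2013-0587

if __name__ == "__main__":
    print("upstream-version check says fixed:", naive_upstream_check(INSTALLED, UPSTREAM_FIXED))
    print("errata-release check says fixed:  ", has_backported_fix(INSTALLED, ERRATA_FIXED))
    print("installed is at latest errata:    ", has_backported_fix(INSTALLED, LATEST_ERRATA))
```

On a live system the installed string comes from `rpm -q openssl`; the comparison above only illustrates the ordering logic.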