Hi,
I was compiling a new version of bind on my CentOS 4.6 server and I discovered that the openssl version (openssl-0.9.7a-43.17.el4_6.1) has several exploits associated with it. I was wondering, aside from removing the RPM and compiling a new version of openssl, how can I upgrade my current openssl-0.9.7a-43.17.el4_6.1 to a newer version that is affected by the exploits. I know I can yum update openssl as that is the last version of openssl for version 4.
What can I do to upgrade openssl? Is it possible to update the server from 4.6 to 5? Is this something that I want to do, or is there a better way?
TIA, Paul
On Fri, 1 Feb 2008 12:49:10 -0500 "Paul A" razor@meganet.net took out a #2 pencil and scribbled:
> Hi,
> I was compiling a new version of bind on my CentOS 4.6 server and I discovered that the openssl version (openssl-0.9.7a-43.17.el4_6.1) has several exploits associated with it. I was wondering, aside from removing the RPM and compiling a new version of openssl, how can I upgrade my current openssl-0.9.7a-43.17.el4_6.1 to a newer version that is affected by the exploits. I know I can yum update openssl as that is the last version of openssl for version 4.
> What can I do to upgrade openssl? Is it possible to update the server from 4.6 to 5? Is this something that I want to do, or is there a better way?
> TIA, Paul
Security fixes are backported, so the version number is not a good indicator of security vulnerabilities. You may wish to look at the change log associated with the rpm.
rpm -q --changelog openssl
HTH
Thanks Alex.
I'm assuming that if another security exploit is found, the openssl version number would change on the repo, correct? If not, how would yum know to update?
Thanks, Paul
On Fri, 1 Feb 2008 13:40:32 -0500 "Paul A" razor@meganet.net took out a #2 pencil and scribbled:
> Thanks Alex.
> I'm assuming that if another security exploit is found, the openssl version number would change on the repo, correct? If not, how would yum know to update?
> Thanks, Paul
Typically if such a thing is to happen you'll see a release bump, similar to 0.9.8b-8.3.2 to 0.9.8b-8.3.3
HTH
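How a release bump like the one described above is seen as an update, as an added example that is not part of the original thread or of RPM's own code: a simplified version of RPM's version comparison applied to the version-release strings quoted in the thread. The function names are this example's own, and it assumes no epoch and none of the later tilde/caret rules.

```python
import re

def _segments(s):
    # RPM compares runs of digits and runs of letters; separators such as
    # '.' and '_' only delimit the segments.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return 1 if a is newer than b, -1 if older, 0 if equal (simplified)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x_num else -1
        if x_num:
            x, y = int(x), int(y)  # numeric compare, so 10 > 9
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_vr(vr):
    # "0.9.8b-8.3.2" -> ("0.9.8b", "8.3.2"); neither part may contain '-'.
    version, _, release = vr.rpartition("-")
    return version, release

def is_update(installed, candidate):
    """True if candidate is newer: version decides first, then release."""
    iv, ir = split_vr(installed)
    cv, cr = split_vr(candidate)
    return (rpmvercmp(cv, iv) or rpmvercmp(cr, ir)) > 0

if __name__ == "__main__":
    # Pair taken from the reply above: same upstream version, bumped release.
    print(is_update("0.9.8b-8.3.2", "0.9.8b-8.3.3"))
    # Installed package from the thread against a constructed, hypothetical
    # follow-up release carrying a backported fix.
    print(is_update("0.9.7a-43.17.el4_6.1", "0.9.7a-43.17.el4_6.2"))
```

The upstream version string stays the same in both comparisons; only the release field changes, which is why the upstream number alone says nothing about which fixes are present.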
Paul A wrote:
> Hi,
> I was compiling a new version of bind on my CentOS 4.6 server and I discovered that the openssl version (openssl-0.9.7a-43.17.el4_6.1) has several exploits associated with it. I was wondering, aside from removing the RPM and compiling a new version of openssl, how can I upgrade my current openssl-0.9.7a-43.17.el4_6.1 to a newer version that is affected by the exploits. I know I can yum update openssl as that is the last version of openssl for version 4.
> What can I do to upgrade openssl? Is it possible to update the server from 4.6 to 5? Is this something that I want to do, or is there a better way?
> TIA, Paul
Paul,
For the record, see this about what backporting is:
Red Hat backports fixes to all its enterprise versions to minimize API/ABI changes and create secure software that functions consistently throughout its lifetime without having to rewrite custom software.
That is the whole reason to have enterprise software, so you do not have to do major program upgrades every 6 months.