I'm running a CentOS 3.4 box. According to yum, the OpenSSL 0.9.7a-33.15 package I have installed is the latest available. A check of the OpenSSL website shows 0.9.7g source being the latest.
Is the CentOS 0.9.7a package patched to cover the same issues that the generic 0.9.7 source covers?
If not, what's my recourse? Build it by hand? If I need to build it, has anybody crossed that bridge?
Thanks.
-Pete
On Fri, 17.06.2005 at 1:56, Peter Loron wrote:
I'm running a CentOS 3.4 box. According to yum, the OpenSSL 0.9.7a-33.15 package I have installed is the latest available. A check of the OpenSSL website shows 0.9.7g source being the latest.
Is the CentOS 0.9.7a package patched to cover the same issues that the generic 0.9.7 source covers?
-Pete
The "33.15" indicates the patchlevel of the OpenSSL package. Yes, Red Hat backports [1] fixes for issues. You can check the rpm --changelog for CAN numbers and comments. In other words, you don't need to get the upstream version to be on the safe side.
[1] http://www.redhat.com/advice/speaks_backport.html
Alexander
On Thu, 2005-06-16 at 16:56 -0700, Peter Loron wrote:
I'm running a CentOS 3.4 box. According to yum, the OpenSSL 0.9.7a-33.15 package I have installed is the latest available. A check of the OpenSSL website shows 0.9.7g source being the latest.
Is the CentOS 0.9.7a package patched to cover the same issues that the generic 0.9.7 source covers?
If not, what's my recourse? Build it by hand? If I need to build it, has anybody crossed that bridge?
Read this concerning backporting:
http://www.redhat.com/advice/speaks_backport.html
If you have a specific CAN number you are concerned about, do this:
rpm --changelog -q openssl | grep CAN-xxxx
(or just grep CAN to see all security issues)
RedHat is very proactive at doing security updates...and CentOS is very quick to push them as soon as RedHat does.
Johnny Hughes wrote:
On Thu, 2005-06-16 at 16:56 -0700, Peter Loron wrote:
I'm running a CentOS 3.4 box. According to yum, the OpenSSL 0.9.7a-33.15 package I have installed is the latest available. A check of the OpenSSL website shows 0.9.7g source being the latest.
Is the CentOS 0.9.7a package patched to cover the same issues that the generic 0.9.7 source covers?
If not, what's my recourse? Build it by hand? If I need to build it, has anybody crossed that bridge?
Read this concerning backporting:
http://www.redhat.com/advice/speaks_backport.html
If you have a specific CAN number you are concerned about, do this:
rpm --changelog -q openssl | grep CAN-xxxx
(or just grep CAN to see all security issues)
RedHat is very proactive at doing security updates...and CentOS is very quick to push them as soon as RedHat does.
Excellent! Thanks for the info on how to check for backports.
-Pete
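The changelog check suggested in the replies above, extended to test several advisory IDs at once; this is an added example, not part of the original thread. The function names, the sample changelog and the CAN-2099-* identifiers are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a package changelog for backported security fixes.
# Real use: rpm -q --changelog openssl > changelog.txt
#           check_backports changelog.txt CAN-xxxx-xxxx ...

# Constructed sample changelog (not real rpm output; IDs are placeholders).
sample_changelog() {
cat <<'EOF'
* Tue Jan 01 2099 Example Packager <packager@example.invalid> 1.0-2
- backported fix for constructed issue (CAN-2099-0001)
- second constructed fix: CAN-2099-0002, see also CAN-2099-0001

* Mon Dec 01 2098 Example Packager <packager@example.invalid> 1.0-1
- initial build
EOF
}

# Print the unique advisory IDs mentioned in changelog text on stdin.
# CAN- candidate names were later published as CVE- with the same number,
# so both spellings are normalised to CVE- before comparing.
changelog_ids() {
    grep -Eo '(CAN|CVE)-[0-9]{4}-[0-9]{4,}' | sed 's/^CAN-/CVE-/' | sort -u
}

# Usage: check_backports CHANGELOG_FILE ID...
# Prints one "fixed"/"missing" line per ID; returns 1 if any ID is absent.
check_backports() {
    file=$1; shift
    ids=$(changelog_ids < "$file")
    rc=0
    for want in "$@"; do
        norm=$(printf '%s\n' "$want" | sed 's/^CAN-/CVE-/')
        if printf '%s\n' "$ids" | grep -qxF "$norm"; then
            echo "fixed   $want"
        else
            echo "missing $want"
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed sample: two IDs present, one absent.
demo=$(mktemp)
sample_changelog > "$demo"
check_backports "$demo" CAN-2099-0001 CVE-2099-0002 CAN-2099-0003 || true
rm -f "$demo"
```

A "missing" result only means the changelog does not mention the ID; the vendor's advisory for that ID is the place to confirm whether the package was affected at all.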