[CentOS] OpenSSL on CentOS 3.4?

Fri Jun 17 01:02:29 UTC 2005
Peter Loron <peterl at standingwave.org>

Johnny Hughes wrote:
> On Thu, 2005-06-16 at 16:56 -0700, Peter Loron wrote:
> 
>>I'm running a CentOS 3.4 box. According to yum, the OpenSSL 0.9.7a-33.15
>>package I have installed is the latest available. A check of the OpenSSL
>>website shows 0.9.7g source being the latest.
>>
>>Is the CentOS 0.9.7a package patched to cover the same isues that the
>>generic 0.9.7 source covers?
>>
>>If not, what's my recourse? Build it by hand? If I need to build it, has
>>anybody crossed that bridge?
>>
> 
> 
> Read this concerning backporting:
> 
> http://www.redhat.com/advice/speaks_backport.html
> 
> If you have a specific CAN number you are concerned about, do this:
> 
> rpm --changelog -q openssl | grep CAN-xxxx
> 
> (or just grep CAN to see all security issues)
> 
> RedHat is very proactive at doing security updates...and CentOS is very
> quick to push them as soon as RedHat does.

Excellent! Thanks for the info on how to check for backports.

-Pete