[CentOS] OpenSSL on CentOS 3.4?

Fri Jun 17 00:08:45 UTC 2005
Johnny Hughes <mailing-lists at hughesjr.com>

On Thu, 2005-06-16 at 16:56 -0700, Peter Loron wrote:
> I'm running a CentOS 3.4 box. According to yum, the OpenSSL 0.9.7a-33.15
> package I have installed is the latest available. A check of the OpenSSL
> website shows 0.9.7g source being the latest.
> 
> Is the CentOS 0.9.7a package patched to cover the same isues that the
> generic 0.9.7 source covers?
> 
> If not, what's my recourse? Build it by hand? If I need to build it, has
> anybody crossed that bridge?
> 

Read this concerning backporting:

http://www.redhat.com/advice/speaks_backport.html

If you have a specific CAN number you are concerned about, do this:

rpm --changelog -q openssl | grep CAN-xxxx

(or just grep CAN to see all security issues)

RedHat is very proactive at doing security updates...and CentOS is very
quick to push them as soon as RedHat does.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.centos.org/pipermail/centos/attachments/20050616/a728a36e/attachment-0005.sig>