[CentOS] upgrade my open ssl

Mon Jul 16 15:52:04 UTC 2007
Johnny Hughes <johnny at centos.org>

Ray Leventhal wrote:
> mailadmin at baladia.gov.kw wrote:
>> Dear All,
>>
>> I have CentOS 4.5 final and when I installed it there is an openssl version
>>  openssl-0.9.7a-43.16 ..
>>
>> I need to upgrade it to openssl 0.9.8 ..
>> Also, when I try to uninstall it, it gives me a failed dependency error.
>>
>> Actually I did a nodeps and uninstalled openssl ver 0.9.8, but when my
>> sendmail was restarted it complained saying libssl.so.4 missing or error.
>>
>> Actually I found that there was libssl.so.6 in the /lib directory.
>>
>> If I say yum update openssl or yum install openssl it searches the
>> repositories and says nothing to do.
>>
>> How can I upgrade my openssl...
>>
>> Appreciate if you can guide me
>>

> Hi Simon,
> 
> I'm no expert, but when I've run into this type of issue with an
> installed component on CentOS 5, I've learned here that performing:
> 
> yum clean all
> yum update
> 
> often does the trick.
> 

In this case he wants a version of openssl that is not in CentOS-4.5 ...
probably because some lame "vulnerability checker" says that he needs
"greater than version 0.9.8 of openssl" to fix a specific vulnerability.

Checkers like that do not take into account that Red Hat will fix CVEs
by the backport method in their enterprise software:

http://www.redhat.com/advice/speaks_backport.html

So ... if the problem is a vulnerability checker, then what you need is
the CVE number of the problem and look for it here:

https://rhn.redhat.com/errata/rhel4as-errata.html

(go into openssl updates and look for that CVE)

You should also (if the problem is fixed) tell the maker of your scanner
that it does not take into account the Enterprise software used in 85%
of enterprise Linux deployments ... and that it probably should do so if
it expects to be taken seriously in the enterprise.

Thanks,
Johnny Hughes
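
An added example, not part of the original message and not CentOS or Red Hat tooling: besides the errata page, the package changelog can be searched for the CVE id a scanner reports, since a backported fix keeps the upstream version string (here 0.9.7a) and only the release changes. The function names, the sample changelog and the CVE ids (placeholders) are constructed for illustration, and the script assumes each changelog header line ends in the version-release.

```shell
#!/bin/sh
# Added example: check whether a CVE is named in a package changelog.

# Constructed sample in `rpm -q --changelog` layout; CVE ids are placeholders.
SAMPLE_CHANGELOG='* Mon Jan 01 2007 Example Packager <pkg@example.com> 0.9.7a-43.16
- fix placeholder issue (CVE-0000-1111)

* Fri Sep 01 2006 Example Packager <pkg@example.com> 0.9.7a-43.14
- backport fix for CVE-0000-2222

* Wed Mar 01 2006 Example Packager <pkg@example.com> 0.9.7a-43.10
- backport fix for CVE-0000-11115'

# backport_release CVE-ID < changelog
# Prints the oldest version-release whose entry names the CVE; exit 1 if none,
# exit 2 if the argument is not a CVE id.
backport_release() {
    cve=$1
    printf '%s\n' "$cve" | grep -Eq '^CVE-[0-9]{4}-[0-9]{4,}$' || return 2
    awk -v cve="$cve" '
        /^\* / { rel = $NF; next }   # assumption: header ends in version-release
        {
            line = $0
            while ((i = index(line, cve)) > 0) {
                line = substr(line, i + length(cve))
                if (line !~ /^[0-9]/) { hit = rel; break }  # whole id only
            }
        }
        END { if (hit == "") exit 1; print hit }
    '
}

# check_finding PKG CVE-ID: use the installed package's changelog when rpm
# knows the package, otherwise fall back to the constructed sample.
check_finding() {
    if command -v rpm >/dev/null 2>&1 && rpm -q "$1" >/dev/null 2>&1; then
        log=$(rpm -q --changelog "$1")
    else
        log=$SAMPLE_CHANGELOG
    fi
    if rel=$(printf '%s\n' "$log" | backport_release "$2"); then
        echo "$2: changelog of $1 names it in $rel (backported fix)"
    else
        echo "$2: not in the $1 changelog; look it up in the vendor errata"
    fi
}

check_finding openssl CVE-0000-2222
```

A changelog that does not name the CVE is not proof that the fix is missing; the vendor errata remain the authoritative record.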
