[CentOS] OpenSSL vulnerability fix

On 03/30/2015 11:57 PM, Venkateswara Rao Dokku wrote:
> just for my curiosity, How can we make sure that its not affected?
>
> Is there any script to check whether its vulnerable or not (as in bash
> shell shock vulnerability test)?

You can run both client and server tests from:
https://www.ssllabs.com/

Nataraj

>
> On Tue, Mar 31, 2015 at 12:25 PM, Eero Volotinen <eero.volotinen at iki.fi>
> wrote:
>
>> Centos 5 is not affected by this bug, so fix is not available.
>>
>> Eero
>> 31.3.2015 9.48 ap. kirjoitti "Venkateswara Rao Dokku" <dvrao.584 at gmail.com
>>> :
>>> Hi All,
>>>
>>> I wanted to fix the openssl vulnerabilities (CVE-2014-3569,
>> CVE-2014-3570,
>>> CVE-2014-3571, CVE-2014-3572) in my CentOS 5.5 and found out that 0.9.8zd
>>> has the fixes I am looking for (from the
>>> https://www.openssl.org/news/vulnerabilities.html link).
>>>
>>> But, When I tried to find the openssl-0.9.8zd rpm package, I did not find
>>> it in http://mirror.centos.org/centos/5/updates/x86_64/RPMS/.
>>>
>>> The latest that I could find was 0.9.8e-31-el5.
>>>
>>> Can you please help me on how can I find the rpm I am looking for or How
>>> can I fix the vulnerabilities.?
>>>
>>> Thanks for your help.
>>>
>>> --
>>> Thanks & Regards,
>>> Venkateswara Rao Dokku.
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS at centos.org
>>> http://lists.centos.org/mailman/listinfo/centos
>>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>
>