openss 1.3.2

Support for security such as Firewalls and securing linux
Post Reply
Posts: 2
Joined: 2012/04/19 21:00:03

openss 1.3.2

Post by rvakili » 2012/04/19 21:03:27

Hi All,

I, am sure, you are aware of the Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. I am wondering as how to update my openssl.

With many thanks in advance.

Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

openss 1.3.2

Post by pschaff » 2012/04/19 23:43:53

Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

[url=]FAQ#20. Where can I get the latest version of XyZ.rpm for CentOS? I cannot find it anywhere.[/url]

Pay attention to the part about backporting.

User avatar
Forum Moderator
Posts: 30160
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: openss 1.3.2

Post by TrevorH » 2012/04/20 00:57:21

I can't see any vulnerabilities in the ASN.1 parsing in openssl listed [url=]here[/url] newer than 2009 and they're fixed in openssl 0.9.8k so CentOS 6 is not vulnerable with its openssl-1.0.0-20.el6_2.3 package. On CentOS 5 you can check for specific CVE numbers by running, e.g.

$ rpm -q --changelog openssl | grep CVE-2009-0590
- fix CVE-2009-0590 - reject incorrectly encoded ASN.1 strings (#492304)
$ rpm -q openssl

Post Reply

Return to “CentOS 6 - Security Support”