openssl 1.3.2

Support for security such as Firewalls and securing linux
rvakili
Posts: 2
Joined: 2012/04/19 21:00:03

Post by rvakili » 2012/04/19 21:03:27

Hi All,

I am sure you are aware of the multiple vulnerabilities that were reported in the ASN.1 parsing code in OpenSSL. I am wondering how to update my openssl.

With many thanks in advance.

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Post by pschaff » 2012/04/19 23:43:53

Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

[url=http://wiki.centos.org/FAQ/General#head-472ce8446ebcfc82ca1800f775ba0e629ac835c7]FAQ#20. Where can I get the latest version of XyZ.rpm for CentOS? I cannot find it anywhere.[/url]

Pay attention to the part about backporting.

TrevorH
Forum Moderator
Posts: 30160
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: openssl 1.3.2

Post by TrevorH » 2012/04/20 00:57:21

I can't see any vulnerabilities in the ASN.1 parsing in openssl listed [url=http://www.openssl.org/news/vulnerabilities.html]here[/url] newer than 2009 and they're fixed in openssl 0.9.8k so CentOS 6 is not vulnerable with its openssl-1.0.0-20.el6_2.3 package. On CentOS 5 you can check for specific CVE numbers by running, e.g.

[code]
$ rpm -q --changelog openssl | grep CVE-2009-0590
- fix CVE-2009-0590 - reject incorrectly encoded ASN.1 strings (#492304)
$ rpm -q openssl
openssl-0.9.8e-22.el5_8.1
[/code]
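
The changelog check from the post above, extended to several CVE IDs at once, as an added example that is not part of the original thread. `check_cves` is a hypothetical helper name, the sample changelog is constructed from the entry quoted in the post, and `CVE-0000-0000` is a placeholder ID.

```shell
#!/bin/sh
# Added example: report which CVE IDs are mentioned in an RPM changelog.
# check_cves is a hypothetical helper. It reads changelog text on stdin, so it
# works with live output or a saved file:
#   rpm -q --changelog openssl | check_cves CVE-2009-0590

check_cves() {
    # Prints "<CVE> listed|not-listed|invalid-id" per argument.
    # Returns 1 if any ID is invalid or absent from the changelog.
    # "not-listed" means the changelog does not mention the ID: the fix may
    # be missing, or the packaged version may never have been affected.
    changelog=$(cat)
    missing=0
    for cve in "$@"; do
        # Reject arguments that are not shaped like a CVE ID.
        case "$cve" in
            CVE-[0-9][0-9][0-9][0-9]-[0-9]*) ;;
            *) echo "$cve invalid-id"; missing=1; continue ;;
        esac
        # -F: literal match; -w: whole word, so a truncated ID such as
        # CVE-2009-059 does not match CVE-2009-0590.
        if printf '%s\n' "$changelog" | grep -qwF -- "$cve"; then
            echo "$cve listed"
        else
            echo "$cve not-listed"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample input: one changelog entry as quoted in the post.
SAMPLE_CHANGELOG='* (constructed sample changelog header)
- fix CVE-2009-0590 - reject incorrectly encoded ASN.1 strings (#492304)'

# Demo on the sample; CVE-0000-0000 is a placeholder that is not listed.
printf '%s\n' "$SAMPLE_CHANGELOG" | check_cves CVE-2009-0590 CVE-0000-0000 || true
```

The non-zero return status makes the function usable in a patch-audit script that has to fail when a backported fix is not recorded in the installed package.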
