[SOLVED] Update OpenSSL 0.9.8e-fips-rhel5 to openssl-1.0.1g
[SOLVED] Update OpenSSL 0.9.8e-fips-rhel5 to openssl-1.0.1g
Hello,
I use CentOS 5.5. and would like to update my OpenSSL 0.9.8e-fips-rhel5 version to the new one 1.0.1g.
As far as i know there is no yum update for CentOS 5.5. available.
Is there an solution to update the version to the new one?
If yes, a short tutorial would be awesome!
Best regards,
Phil
I use CentOS 5.5. and would like to update my OpenSSL 0.9.8e-fips-rhel5 version to the new one 1.0.1g.
As far as i know there is no yum update for CentOS 5.5. available.
Is there an solution to update the version to the new one?
If yes, a short tutorial would be awesome!
Best regards,
Phil
Re: Update OpenSSL 0.9.8e-fips-rhel5 to openssl-1.0.1g
CentOS 5's copy of openssl 0.9.8 is not vulnerable to the HeartBleed bug as this was introduced in openssl 1.0.1. You do not need to update and should not do so.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Update OpenSSL 0.9.8e-fips-rhel5 to openssl-1.0.1g
What you should do, however, is to update your openssl to the openssl that is shipped with CentOS 5.10 (openssl-0.9.8e-27.el5_10.1).
By using an openssl from CentOS 5.5, you're missing these updates:
https://rhn.redhat.com/errata/RHSA-2010-0978.html
https://rhn.redhat.com/errata/RHBA-2011-1010.html
https://rhn.redhat.com/errata/RHSA-2012-0060.html
https://rhn.redhat.com/errata/RHBA-2012-0229.html
https://rhn.redhat.com/errata/RHSA-2012-0426.html
https://rhn.redhat.com/errata/RHSA-2012-0518.html
https://rhn.redhat.com/errata/RHSA-2012-0699.html
https://rhn.redhat.com/errata/RHSA-2013-0587.html
https://rhn.redhat.com/errata/RHEA-2014-0104.html
You should be able to update to the current version with a simple "yum update".
By using an openssl from CentOS 5.5, you're missing these updates:
https://rhn.redhat.com/errata/RHSA-2010-0978.html
https://rhn.redhat.com/errata/RHBA-2011-1010.html
https://rhn.redhat.com/errata/RHSA-2012-0060.html
https://rhn.redhat.com/errata/RHBA-2012-0229.html
https://rhn.redhat.com/errata/RHSA-2012-0426.html
https://rhn.redhat.com/errata/RHSA-2012-0518.html
https://rhn.redhat.com/errata/RHSA-2012-0699.html
https://rhn.redhat.com/errata/RHSA-2013-0587.html
https://rhn.redhat.com/errata/RHEA-2014-0104.html
You should be able to update to the current version with a simple "yum update".
Re: Update OpenSSL 0.9.8e-fips-rhel5 to openssl-1.0.1g
I missed the "5.5" bit so if you are really running that, then you have far more to worry about than HeartBleed as 5.5 has numerous exploitable security vulnerabilities and you should definitely update to 5.10 ASAP.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Update OpenSSL 0.9.8e-fips-rhel5 to openssl-1.0.1g
If you are really using 5.5 you should update it asap.Marmara wrote:I use CentOS 5.5.
Re: Update OpenSSL 0.9.8e-fips-rhel5 to openssl-1.0.1g
Thank you guys for your help!
Now i updated my system to CentOS 5.10.
When i check the installed files i get:
But when i check the version with openssl version -a i get:
Is this now the correct version?
Best regards,
Philipp
Now i updated my system to CentOS 5.10.
When i check the installed files i get:
Code: Select all
openssl.i686 0.9.8e-27.el5_10.1 installed
openssl.x86_64 0.9.8e-27.el5_10.1 installed
openssl-devel.i386 0.9.8e-27.el5_10.1 installed
openssl-devel.x86_64 0.9.8e-27.el5_10.1 installed
Code: Select all
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
built on: Tue Jan 28 18:16:29 EST 2014
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) blowfish(ptr2)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -I/usr/kerberos/include -DL_ENDIAN -DTERMIO -Wall -DMD32_REG_T=int -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DOPENSSL_USE_NEW_FUNCTIONS -fno-strict-aliasing -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM
OPENSSLDIR: "/etc/pki/tls"
engines: dynamic
Best regards,
Philipp
Re: Update OpenSSL 0.9.8e-fips-rhel5 to openssl-1.0.1g
Yes, that is indeed the correct version for CentOS 5.x. You are OK now.
Re: Update OpenSSL 0.9.8e-fips-rhel5 to openssl-1.0.1g
OK, thank you a lot!
That was very helpful!
That was very helpful!