Page 1 of 1

[SOLVED] Update OpenSSL 0.9.8e-fips-rhel5 to openssl-1.0.1g

Posted: 2014/04/11 15:13:21
by Marmara
Hello,

I use CentOS 5.5. and would like to update my OpenSSL 0.9.8e-fips-rhel5 version to the new one 1.0.1g.
As far as i know there is no yum update for CentOS 5.5. available.
Is there an solution to update the version to the new one?
If yes, a short tutorial would be awesome!

Best regards,
Phil

Re: Update OpenSSL 0.9.8e-fips-rhel5 to openssl-1.0.1g

Posted: 2014/04/11 15:22:22
by TrevorH
CentOS 5's copy of openssl 0.9.8 is not vulnerable to the HeartBleed bug as this was introduced in openssl 1.0.1. You do not need to update and should not do so.

Re: Update OpenSSL 0.9.8e-fips-rhel5 to openssl-1.0.1g

Posted: 2014/04/11 15:37:10
by avij

Re: Update OpenSSL 0.9.8e-fips-rhel5 to openssl-1.0.1g

Posted: 2014/04/11 18:22:13
by TrevorH
I missed the "5.5" bit so if you are really running that, then you have far more to worry about than HeartBleed as 5.5 has numerous exploitable security vulnerabilities and you should definitely update to 5.10 ASAP.

Re: Update OpenSSL 0.9.8e-fips-rhel5 to openssl-1.0.1g

Posted: 2014/04/11 20:54:07
by drk
Marmara wrote:I use CentOS 5.5.
If you are really using 5.5 you should update it asap.

Re: Update OpenSSL 0.9.8e-fips-rhel5 to openssl-1.0.1g

Posted: 2014/04/18 23:47:13
by Marmara
Thank you guys for your help!

Now i updated my system to CentOS 5.10.
When i check the installed files i get:

Code: Select all

openssl.i686                         0.9.8e-27.el5_10.1                installed
openssl.x86_64                       0.9.8e-27.el5_10.1                installed
openssl-devel.i386                   0.9.8e-27.el5_10.1                installed
openssl-devel.x86_64                 0.9.8e-27.el5_10.1                installed
But when i check the version with openssl version -a i get:

Code: Select all

OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
built on: Tue Jan 28 18:16:29 EST 2014
platform: linux-x86_64
options:  bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) blowfish(ptr2)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -I/usr/kerberos/include -DL_ENDIAN -DTERMIO -Wall -DMD32_REG_T=int -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DOPENSSL_USE_NEW_FUNCTIONS -fno-strict-aliasing -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM
OPENSSLDIR: "/etc/pki/tls"
engines:  dynamic
Is this now the correct version?

Best regards,
Philipp

Re: Update OpenSSL 0.9.8e-fips-rhel5 to openssl-1.0.1g

Posted: 2014/04/19 07:34:52
by avij
Yes, that is indeed the correct version for CentOS 5.x. You are OK now.

Re: Update OpenSSL 0.9.8e-fips-rhel5 to openssl-1.0.1g

Posted: 2014/04/22 08:42:07
by Marmara
OK, thank you a lot!
That was very helpful!