Broken openssl update for CentOS 7 - has been held

General support questions
Post Reply
User avatar
TrevorH
Site Admin
Posts: 31476
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Broken openssl update for CentOS 7 - has been held

Post by TrevorH » 2022/01/14 14:53:00

Please note that CentOS has built and will push the new openssl update for RHEL 7 - openssl-1.0.2k-23.el7_9.x86_64. This is to make sure we have the same updates available as there are for RHEL 7 but this update is BROKEN and I would recommend avoiding it. With this applied, apache httpd and the SCL vrsions of nginx that depend on openssl will crash, often. The version of nginx shipped by EPEL is not affected as it uses openssl11 from EPEL instead.

The brokenness is known and acknowledged upstream - see https://access.redhat.com/solutions/6637201
CentOS 8 died a premature death at the end of 2021 - migrate to Rocky/Alma/OEL/Springdale ASAP.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are dead, do not use them.
Use the FAQ Luke

tunk
Posts: 1054
Joined: 2017/02/22 15:08:17

Re: Broken openssl update for CentOS 7 - avoid

Post by tunk » 2022/01/14 16:08:44

Temporarily disabled by adding this to /etc/yum.conf:
exclude=openssl*
Please let us know when it is fixed.

User avatar
TrevorH
Site Admin
Posts: 31476
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Broken openssl update for CentOS 7 - has been held

Post by TrevorH » 2022/01/14 16:12:28

It has been decided that this update will not be pushed by CentOS until upstream release a fixed version. At that point the new version will be built and tested and if it passes those tests, then both the broken version and the superceding fixed version will be pushed. That will keep the same updates available for CentOS as for RHEL but the broken version will just be a "bit late"!
CentOS 8 died a premature death at the end of 2021 - migrate to Rocky/Alma/OEL/Springdale ASAP.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are dead, do not use them.
Use the FAQ Luke

Post Reply

Return to “CentOS 7 - General Support”