openssl 3.0.3 not found
Hi, I'm updating openssl from 3.0.0 to 3.0.7 but there was an error. The update is okay, but when I check the openssl version it gives the error "openssl 3.0.3 not found". I'm using CentOS 9 Stream. Thank you.
Re: openssl 3.0.3 not found
Neither of those are versions supplied by CentOS Stream 9. The current openssl package is http://mirror.stream.centos.org/9-strea ... x86_64.rpm. If you compiled your own then congratulations, you just destroyed your system, time to reinstall.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: openssl 3.0.3 not found
Indeed.
The only way to update anything in CentOS Stream (CS) is dnf up.
That will get you what is available for CS.
If you do use CS, then you must use the version of openssl that is in CS. No ifs or buts about it.
Re: openssl 3.0.3 not found
Hi, upon checking, the version of my openssl is 3.0.1. The problem is this version has a vulnerability (CVE-2022-3602). To fix this I need to update openssl to version 3.0.7. I have downloaded the updated version from www.openssl.org and I have installed it properly. I tried to install the updated version on CentOS 7 and it works, but when installed on CentOS 9 the error is openssl 3.0.3 not found.
Re: openssl 3.0.3 not found
Wrong.
The question is not what "openssl 3.0.1" has. The question is what "openssl in CentOS Stream 9 has".
Red Hat apparently did originally base the openssl for CentOS Stream 9 on upstream "openssl 3.0.1", but they do backport changes to their version.
The "fix" to all these security issues is to run the dnf up whenever Red Hat releases new packages for CS9.
If they don't backport a fix to CS9 version of openssl, then they don't deem it necessary.
What are the latest changes in the openssl of CS9?
$ rpm -q --changelog -p http://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os/Packages/openssl-3.0.1-43.el9.x86_64.rpm | head
warning: http://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os/Packages/openssl-3.0.1-43.el9.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
* Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-43
- CVE-2022-3602: X.509 Email Address Buffer Overflow
- CVE-2022-3786: X.509 Email Address Buffer Overflow
Resolves: CVE-2022-3602
* Wed Oct 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-42
- CVE-2022-3602: X.509 Email Address Buffer Overflow
Resolves: CVE-2022-3602 (rhbz#2137723)
* Thu Aug 11 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-41
For more, read https://access.redhat.com/solutions/57665
Some programming language standards have the term Undefined Behaviour (UB).
Code with UB is totally unpredictable. In the worst case it "seems to work". In the best case UB does crash every time and soon.
You were probably unlucky as your attempt to wreck your CentOS 7 system did not break it cleanly.
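The changelog check shown in the reply above can be scripted. This is an added example, not part of the original thread: it reads `rpm -q --changelog` text and lists the package releases whose entries mention a given CVE. The function names are hypothetical, and the sample input is the changelog excerpt quoted in the reply.

```shell
#!/bin/sh
# Added example: find which package releases mention a CVE in an RPM changelog.

# Reads `rpm -q --changelog` output on stdin and prints, newest first, every
# [epoch:]version-release whose entry mentions the CVE given as $1.
# Exit status is 0 if at least one entry matched, 1 otherwise.
cve_fix_releases() {
    awk -v cve="$1" '
        # Entry header: "* <date> <author> <mail> - [epoch:]version-release"
        /^\* / { rel = $NF; next }
        rel != "" && index($0, cve) && !(rel in seen) {
            seen[rel] = 1; found = 1; print rel
        }
        END { exit(found ? 0 : 1) }
    '
}

# Same check against a package in the local RPM database
# (needs an RPM-based system; not called below).
pkg_cve_fix_releases() {   # usage: pkg_cve_fix_releases openssl CVE-2022-3602
    rpm -q --changelog "$1" | cve_fix_releases "$2"
}

# Sample input: the changelog lines quoted in the post above.
sample_changelog() {
    cat <<'EOF'
* Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-43
- CVE-2022-3602: X.509 Email Address Buffer Overflow
- CVE-2022-3786: X.509 Email Address Buffer Overflow
  Resolves: CVE-2022-3602
* Wed Oct 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-42
- CVE-2022-3602: X.509 Email Address Buffer Overflow
  Resolves: CVE-2022-3602 (rhbz#2137723)
* Thu Aug 11 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-41
EOF
}

# Demonstration on the sample: lists the releases that carry the backport.
sample_changelog | cve_fix_releases CVE-2022-3602
```

On a live system, compare the listed releases with the output of `rpm -q openssl`; the upstream version string alone does not show whether the fix is present.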
Re: openssl 3.0.3 not found
"I tried to install the updated version on centos 7 and it works"
So you broke that one too. And CentOS 7 doesn't ship openssl 3 at all and it is incompatible with older versions so you _really_ broke that one. And older versions are NOT vulnerable to this as the flaw was introduced in openssl 3.0.0.
The correct openssl version on CentOS 7 is 1.0.2k, specifically openssl-1.0.2k-25.el7_9.x86_64