Hi, I was compiling a new version of bind on my centos 4.6 server and I discovered that the openssl version (openssl-0.9.7a-43.17.el4_6.1) has several exploits associated with it. I was wondering aside from removing the RPM and compiling a new version of openssl how can I upgrade my current openssl-0.9.7a-43.17.el4_6.1 to a newer version that is affected by the exploits. I know I can yum update openssl as that's is the last version for openssl for version 4. What can I do upgrade openssl? Is it possible to update the server from 4.6 to 5?, is this something that I want to do or is there a better way? TIA, Paul -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20080201/61f9753d/attachment-0001.html>
On Fri, 1 Feb 2008 12:49:10 -0500 "Paul A" <razor at meganet.net> took out a #2 pencil and scribbled:> Hi, > > I was compiling a new version of bind on my centos 4.6 server and > I discovered that the openssl version > (openssl-0.9.7a-43.17.el4_6.1) has several exploits associated > with it. I was wondering aside from removing the RPM and > compiling a new version of openssl how can I upgrade my current > openssl-0.9.7a-43.17.el4_6.1 to a newer version that is affected > by the exploits. I know I can yum update openssl as that's is the > last version for openssl for version 4. > > What can I do upgrade openssl? > Is it possible to update the server from 4.6 to 5?, is this > something that I want to do or is there a better way? > > > TIA, PaulSecurity fixes are backported, so the version number is not a good indicator of security vulnerabilities. You may wish to look at the change log associated with the rpm. rpm -q --changelog openssl HTH -- ethericalzen at gmail.com Life is a prison, death is a release
Paul A wrote:> I was compiling a new version of bind on my centos 4.6 server and I > discovered that the openssl version (openssl-0.9.7a-43.17.el4_6.1) has > several exploits associated with it.I want proof of that. Ralph -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20080202/56ec7597/attachment-0001.sig>
Paul A wrote:> Hi, > > I was compiling a new version of bind on my centos 4.6 server and I > discovered that the openssl version (openssl-0.9.7a-43.17.el4_6.1) has > several exploits associated with it. > I was wondering aside from removing the RPM and compiling a new version of > openssl how can I upgrade my current openssl-0.9.7a-43.17.el4_6.1 to a newer > version that is affected by the exploits. > I know I can yum update openssl as that's is the last version for openssl > for version 4. > > What can I do upgrade openssl? > Is it possible to update the server from 4.6 to 5?, is this something that I > want to do or is there a better way? > > > TIA, PaulPaul, For the record, see this about what backporting is: http://tinyurl.com/r77l2 RedHat backports fixes to all it's enterprise versions to minimize api/abi changes and create seucre software that functions consistently throught it's lifetime without having to rewrite custom software. That is the whole reason to have enterprise software, so you do not have to do major program upgrades every 6 months. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20080202/5d7a505d/attachment-0001.sig>