Hi All, I wanted to fix the openssl vulnerabilities (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572) in my CentOS 5.5 and found out that 0.9.8zd has the fixes I am looking for (from the https://www.openssl.org/news/vulnerabilities.html link). But, When I tried to find the openssl-0.9.8zd rpm package, I did not find it in http://mirror.centos.org/centos/5/updates/x86_64/RPMS/. The latest that I could find was 0.9.8e-31-el5. Can you please help me on how can I find the rpm I am looking for or How can I fix the vulnerabilities.? Thanks for your help. -- Thanks & Regards, Venkateswara Rao Dokku.
Centos 5 is not affected by this bug, so fix is not available. Eero 31.3.2015 9.48 ap. kirjoitti "Venkateswara Rao Dokku" <dvrao.584 at gmail.com>:> Hi All, > > I wanted to fix the openssl vulnerabilities (CVE-2014-3569, CVE-2014-3570, > CVE-2014-3571, CVE-2014-3572) in my CentOS 5.5 and found out that 0.9.8zd > has the fixes I am looking for (from the > https://www.openssl.org/news/vulnerabilities.html link). > > But, When I tried to find the openssl-0.9.8zd rpm package, I did not find > it in http://mirror.centos.org/centos/5/updates/x86_64/RPMS/. > > The latest that I could find was 0.9.8e-31-el5. > > Can you please help me on how can I find the rpm I am looking for or How > can I fix the vulnerabilities.? > > Thanks for your help. > > -- > Thanks & Regards, > Venkateswara Rao Dokku. > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >
just for my curiosity, How can we make sure that its not affected? Is there any script to check whether its vulnerable or not (as in bash shell shock vulnerability test)? On Tue, Mar 31, 2015 at 12:25 PM, Eero Volotinen <eero.volotinen at iki.fi> wrote:> Centos 5 is not affected by this bug, so fix is not available. > > Eero > 31.3.2015 9.48 ap. kirjoitti "Venkateswara Rao Dokku" <dvrao.584 at gmail.com > >: > > > Hi All, > > > > I wanted to fix the openssl vulnerabilities (CVE-2014-3569, > CVE-2014-3570, > > CVE-2014-3571, CVE-2014-3572) in my CentOS 5.5 and found out that 0.9.8zd > > has the fixes I am looking for (from the > > https://www.openssl.org/news/vulnerabilities.html link). > > > > But, When I tried to find the openssl-0.9.8zd rpm package, I did not find > > it in http://mirror.centos.org/centos/5/updates/x86_64/RPMS/. > > > > The latest that I could find was 0.9.8e-31-el5. > > > > Can you please help me on how can I find the rpm I am looking for or How > > can I fix the vulnerabilities.? > > > > Thanks for your help. > > > > -- > > Thanks & Regards, > > Venkateswara Rao Dokku. > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > http://lists.centos.org/mailman/listinfo/centos > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >-- Thanks & Regards, Venkateswara Rao Dokku.