RE: centos 4.6 and openssl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Thanks Alex.

I'm assuming that if another security exploit is found that the openssl
version number who change on the repo correct, if not how would yum know to
update?

Thanks, Paul

P.A > -----Original Message-----
P.A > From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On
P.A > Behalf Of Alex White
P.A > Sent: Friday, February 01, 2008 1:13 PM
P.A > To: CentOS mailing list
P.A > Subject: Re:  centos 4.6 and openssl
P.A > 
P.A > On Fri, 1 Feb 2008 12:49:10 -0500
P.A > "Paul A" <razor@xxxxxxxxxxx> took out a #2 pencil and scribbled:
P.A > 
P.A > > Hi,
P.A > >
P.A > > I was compiling a new version of bind on my centos 4.6 server and
P.A > > I discovered that the openssl version
P.A > > (openssl-0.9.7a-43.17.el4_6.1) has several exploits associated
P.A > > with it. I was wondering aside from removing the RPM and
P.A > > compiling a new version of openssl how can I upgrade my current
P.A > > openssl-0.9.7a-43.17.el4_6.1 to a newer version that is affected
P.A > > by the exploits. I know I can yum update openssl as that's is the
P.A > > last version for openssl for version 4.
P.A > >
P.A > > What can I do upgrade openssl?
P.A > > Is it possible to update the server from 4.6 to 5?, is this
P.A > > something that I want to do or is there a better way?
P.A > >
P.A > >
P.A > > TIA, Paul
P.A > 
P.A > Security fixes are backported, so the version number is not a good
P.A > indicator of security vulnerabilities. You may wish to look at the
P.A > change log associated with the rpm.
P.A > 
P.A > rpm -q --changelog openssl
P.A > 
P.A > HTH
P.A > 
P.A > --
P.A > ethericalzen@xxxxxxxxx
P.A > Life is a prison, death is a release
P.A > _______________________________________________
P.A > CentOS mailing list
P.A > CentOS@xxxxxxxxxx
P.A > http://lists.centos.org/mailman/listinfo/centos

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux