Vulnerable Openssl version remains & got activated after update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello

I'm sure my rpms are not corrupted (MD5 checksummed)
as I got them from RHN:
1,525,631bytes openssl-0.9.8e-27.el5_10.3.x86_64.rpm
1,952,684bytes openssl-devel-0.9.8e-27.el5_10.3.x86_64.rpm

Faced an issue after updating above Openssl & its devel rpm:
 the updated version of Openssl "adds on" instead of  replacing the current
old version & the RHN's perl script still report it as vulnerable. Any
concern
if I forcefully delete (ie "rpm -e --nodeps") the vulnerable Openssl rpm
openssl-0.9.8e-22.el5 ?

What to do next to address this vulnerable Openssl?


# ls *cg*
opswgw-cgws1-RCLOUDMMM
# ./opswgw-cgws1-RCLOUDMMM stop  # <==this service uses OpenSSL Stopping
opswgw: .

# rpm -qa |grep ssl   # verify the current old version
openssl-0.9.8e-22.el5
openssl-devel-0.9.8e-22.el5
openssl-devel-0.9.8e-22.el5
OPSWopenssl-0.9.8g-1
docbook-style-dsssl-1.79-4.1

# rpm -Uvh ./openssl-0.9.8e-27.el5_10.3.x86_64.rpm
./openssl-devel-0.9.8e-27.el5_10.3.x86_64.rpm
Preparing...                ###########################################
[100%]
        file /etc/pki/tls/certs/ca-bundle.crt from install of
openssl-0.9.8e-27.el5_10.3.x86_64 conflicts with file from package
openssl-0.9.8e-22.el5.i686
        file /usr/share/man/man1/ca.1ssl.gz from install of
openssl-0.9.8e-27.el5_10.3.x86_64 conflicts with file from package
openssl-0.9.8e-22.el5.i686
        file /usr/share/man/man1/req.1ssl.gz from install of
openssl-0.9.8e-27.el5_10.3.x86_64 conflicts with file from package
openssl-0.9.8e-22.el5.i686
        file /usr/share/man/man1/x509.1ssl.gz from install of
openssl-0.9.8e-27.el5_10.3.x86_64 conflicts with file from package
openssl-0.9.8e-22.el5.i686 # # rpm -Uvh
./openssl-0.9.8e-27.el5_10.3.x86_64.rpm
./openssl-devel-0.9.8e-27.el5_10.3.x86_64.rpm --replacefiles
Preparing...                ###########################################
[100%]
   1:openssl                ########################################### [
50%]
   2:openssl-devel          ###########################################
[100%]


# rpm -qa |grep -i ssl
openssl-0.9.8e-27.el5_10.3      # <== new version created
openssl-0.9.8e-22.el5             # <== old version still there
OPSWopenssl-0.9.8g-1
openssl-devel-0.9.8e-27.el5_10.3      #<== this devel rpm got updated ok
docbook-style-dsssl-1.79-4.1
pyOpenSSL-0.6-2.el5

# rpm -e openssl-0.9.8e-22.el5
error: Failed dependencies:
        libcrypto.so.6 is needed by (installed)
nspluginwrapper-1.3.0-9.el5.i386
        libcrypto.so.6 is needed by (installed) neon-0.25.5-10.el5_4.1.i386
        libcrypto.so.6 is needed by (installed) pam_ccreds-3-5.i386
      . . . & many other dependencies . . .

# ./opswgw-cgws1-RCLOUDMMM start
Starting opswgw:                                           [  OK  ]
tcp        0      0 0.0.0.0:443                 0.0.0.0:*
LISTEN      14914/[opswgw-gatew off (0.00/0/0)
# ps -ef |grep 14914
opswgw   14914 14913  0 10:27 ?        00:00:00
[opswgw-gateway-45.0.3991.0: cgws1-RCLOUDMMM] --PropertiesFile
/etc/opt/opsware/opswgw-cgws1-RCLOUDMMM/opswgw.properties --BinPath
/opt/opsware/opswgw/bin/opswgw --Child true

./opswgw-cgws1-RCLOUDMMM start
Starting opswgw:                                           [  OK  ]
# netstat -anop |grep ":443 " |grep -i listen
tcp        0      0 0.0.0.0:443                 0.0.0.0:*
LISTEN      14914/[opswgw-gatew off (0.00/0/0)

# ps -ef |grep 14914
opswgw   14914 14913  0 10:27 ?        00:00:00
[opswgw-gateway-45.0.3991.0: cgws1-RCLOUDMMM] --PropertiesFile
/etc/opt/opsware/opswgw-cgws1-RCLOUDMMM/opswgw.properties --BinPath
/opt/opsware/opswgw/bin/opswgw --Child true
root     14992  7088  0 10:28 pts/1    00:00:00 grep 14914
#
# ./opswgw-cgws1-RCLOUDMMM start
# cd /root
# ./ fake-client-early-ccs.pl localhost 443 Got server response, size: 2953
- Handshake - Server Hello
- Handshake - Certificate
- Handshake - Server Key Exhange
- Handshake - Server Hello Done
FAIL Remote host is affected

# openssl version
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
[root@MPLSADB02 ~]# rpm -qa |grep -i fips
fipscheck-1.2.0-1.el5


SH
-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list




[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux