LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-23-2014, 04:30 PM   #1
ssp-linux
LQ Newbie
 
Registered: Apr 2014
Posts: 2

Rep: Reputation: Disabled
Unhappy Upgrading OpenSSL on Red Hat Linux 5


Hello,
I am trying to upgrade openSSL version on my RHEL5 machine. I ran the following commands
'yum update/upgrade openSSL'
This stopped with a message that "No packages marked for update"
So I ran 'yum repolist' and did not find the openssl repo there
Upon researching I found that openSSL updates its packages from Red Hat network.
So I ran 'yum info openSSL'
which said that the package available for update was 0.98e.
Any ideas on how to get the latest package?
 
Old 04-23-2014, 05:47 PM   #2
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,688

Rep: Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259
1. Upgrade the system...
2. download the source and rebuild it yourself.

Since this is a purchased RH system, you could contact RH and ask about it.
 
Old 04-23-2014, 07:43 PM   #3
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,090

Rep: Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474
apparently RHEL 5.10 is not affected

just run the normal updates and make sure you are running 5.10

Code:
cat /etc/redhat-version
 
Old 04-24-2014, 09:07 AM   #4
ssp-linux
LQ Newbie
 
Registered: Apr 2014
Posts: 2

Original Poster
Rep: Reputation: Disabled
Hi John,
I confirmed to check if this was Red Hat Enterprise Linux Server release 5.10.
DO you know if this has a fix for TLS/SSL renegotiation vulnerability? Thats what I am tryng to fix
 
Old 04-24-2014, 09:55 AM   #5
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,688

Rep: Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259
Check the version of OpenSSL against the CVE-2014-0160:

https://www.us-cert.gov/ncas/alerts/TA14-098A

It only affects OpenSSL 1.0.1 through 1.0.1f and OpenSSL 1.0.2-beta

I think RH 5 was running something in the 0.9 range.
 
Old 04-24-2014, 12:06 PM   #6
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 3,399

Rep: Reputation: 1486Reputation: 1486Reputation: 1486Reputation: 1486Reputation: 1486Reputation: 1486Reputation: 1486Reputation: 1486Reputation: 1486Reputation: 1486
@jpollard: The SSL renegotiation vulnerability is not the same as the Heartbleed bug.

Red Hat has a policy of backporting security fixes to older versions, so you can't always go by the version number to know whether a security fix has been applied. From what I can see at openssl.org, your openssl-0.9.8e is not on the list of affected versions, but looking at the changelog for openssl-0.9.8e-27.el5_10.1, I do see several changes that mention "renegotiation".
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
upgrading Red Hat Ent Linux 4.0(update 9) to Red Hat Ent Linux 6.0 manoj.linux Linux - Enterprise 3 04-26-2012 02:04 PM
Problem in upgrading Kernel to 2.6 in Red Hat Linux saqib Red Hat 4 04-19-2004 04:51 AM
Upgrading Red Hat 9 to Red Hat Enterprise Server 3 AS louisb Linux - Software 7 02-23-2004 10:25 PM
Upgrading Red hat Linux 5.2 to 7.3 or higher CyberEd Linux - Newbie 3 01-07-2004 03:23 AM
Upgrading red hat linux from 6.2 to 7 linux2cool Linux - Software 1 02-21-2001 03:54 PM


All times are GMT -5. The time now is 11:00 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration