upgrade and downgrade of OpenSSL on RHEL 5

Selenis · 04-10-2014, 03:36 AM

hi all!

one of our Server runs on Red Hat 3.4.6-11 with openSSL 0.9.7a and the other on Red Hat 4.1.2-51 with openSSL 0.9.8e

I have to upgrade to openSSL 1.0.1g on both Servers.

My Question is:

- will update through yum get me the latest Version?
- How do I downgrade if it turns out that our Scripts/Configurations have trouble with the upgrade?
- Do I only have to restart apache after the upgrade?
- Both Openssl Versions are not vulnerable to Heartbleed and Tests of your sites on the servers confirmed this. Do We still need new SSL Certificates?

Any help will be appreciated! :-)

kirukan · 04-10-2014, 04:04 AM

RHEL3 and RHEL4 are End of Life, No more support from Redhat. Are you looking to upgrade RHEL5 openssl version?
http://rhn.redhat.com/errata/RHSA-2010-0817.html
https://rhn.redhat.com/errata/RHSA-2012-0073.html

Selenis · 04-10-2014, 05:50 AM

thanks for your reply

hm this is the output i got from
>cat /proc/version

the contract with our hoster states at least for the second server that it's RHEL5
any other way i can securely get the current OS version?

anyway my question would be for RHEL5

Selenis · 04-10-2014, 09:14 AM

ok heres what /etc/redhat-release says
1. server with OpenSSL 0.9.7a: Red Hat Enterprise Linux ES release 4
GUess Im out of luck here

2. server with openssl 0.9.8e: Red Hat Enterprise Linux Server release 5.7 (Tikanga)

any Ideas if it would be possible to downgrade back to 0.9.8e once I updated?
And if how?

John VV · 04-10-2014, 11:52 AM

RHEL 5.10 is the current in the old LEGACY redhat enterprise linux 5
5.7 is 3 minor versions out of date
for security backports to 5.7

contact your RedHat tech support
you ARE paying for this ( paying a lot of cash to keep it at 5.7 )

you might want to use that already paid for support

this will install any available security updates

Code:

su -
yum update

kirukan · 04-10-2014, 10:14 PM

Quote:

Originally Posted by Selenis

any Ideas if it would be possible to downgrade back to 0.9.8e once I updated?
And if how?

I think you don't want to worry for the downgrade because mostly latest versions are bugs free and more stable than the earlier versions.

chrism01 · 04-14-2014, 06:19 AM

General page of lifetimes for RHEL 3, 4, 5 & 6 https://access.redhat.com/site/suppo...pdates/errata/

1. I'd advise replacing the RHEL4 system asap
2. Also, as above, upgrade the RHEL5 to the latest and you'll be protected.

RH issued fixes for the OpenSSL issue very quickly.