1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

OpenSSL updated on Redhat 5/6

Discussion in 'Server Configuration and Hosting' started by Floren, Mar 29, 2012.

  1. Floren

    Floren Well-Known Member

    A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages.

    This update also fixes a regression caused by the fix for CVE-2011-4619, released via RHSA-2012:0060 and RHSA-2012:0059, which caused Server Gated Cryptography (SGC) handshakes to fail.

    Update your systems ASAP, via yum update. Redhat ERRATA
     
  2. MattW

    MattW Well-Known Member

    Mine looks to have taken care of itself overnight in CentOS 5

    Code:
    Mar 29 02:06:34 Updated: openssl-0.9.8e-22.el5_8.1.i686
    Mar 29 02:06:38 Updated: openssl-devel-0.9.8e-22.el5_8.1.i386
    
     
  3. Floren

    Floren Well-Known Member

    Is that a production box? You should not have any development RPM's in production.
     
  4. MattW

    MattW Well-Known Member

    Yes it is, and just looking at the yum logs has been there since at least 2009
    Code:
    sudo grep -i ssl-devel yum*
    yum.log:Jan 25 21:06:42 Updated: openssl-devel-0.9.8e-20.el5_7.1.i386
    yum.log:Feb 07 21:06:26 Updated: openssl-devel-0.9.8e-20.el5_7.1.0.1.centos.i386
    yum.log:Mar 12 22:14:28 Updated: openssl-devel-0.9.8e-22.el5.i386
    yum.log:Mar 29 02:06:38 Updated: openssl-devel-0.9.8e-22.el5_8.1.i386
    yum.log.2:Sep 14 21:08:46 Updated: openssl-devel-0.9.8e-20.el5.i386
    yum.log.3:Jan 21 21:07:04 Updated: openssl-devel-0.9.8e-12.el5_4.1.i386
    yum.log.3:Mar 28 21:06:32 Updated: openssl-devel-0.9.8e-12.el5_4.6.i386
    yum.log.3:Dec 14 21:06:35 Updated: openssl-devel-0.9.8e-12.el5_5.7.i386
    yum.log.4:Sep 16 00:35:22 Updated: openssl-devel-0.9.8e-12.el5.i386
    
    Code:
    ls -al yum*
    -rw------- 1 root root 10262 Mar 29 02:06 yum.log
    -rw------- 1 root root   173 Dec 28 21:06 yum.log.1
    -rw------- 1 root root 19382 Dec 12 21:06 yum.log.2
    -rw------- 1 root root 26038 Dec 27  2010 yum.log.3
    -rw------- 1 root root 14308 Dec 19  2009 yum.log.4
    
     

Share This Page