1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
Welcome to XenForo 1.5!

For more information, click here.

OpenSSL updated on Redhat 5/6

Discussion in 'Server Configuration and Hosting' started by Floren, Mar 29, 2012.

  1. Floren

    Floren Well-Known Member

    A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages.

    This update also fixes a regression caused by the fix for CVE-2011-4619, released via RHSA-2012:0060 and RHSA-2012:0059, which caused Server Gated Cryptography (SGC) handshakes to fail.

    Update your systems ASAP, via yum update. Redhat ERRATA
     
  2. MattW

    MattW Well-Known Member

    Mine looks to have taken care of itself overnight in CentOS 5

    Code:
    Mar 29 02:06:34 Updated: openssl-0.9.8e-22.el5_8.1.i686
    Mar 29 02:06:38 Updated: openssl-devel-0.9.8e-22.el5_8.1.i386
    
     
  3. Floren

    Floren Well-Known Member

    Is that a production box? You should not have any development RPM's in production.
     
  4. MattW

    MattW Well-Known Member

    Yes it is, and just looking at the yum logs has been there since at least 2009
    Code:
    sudo grep -i ssl-devel yum*
    yum.log:Jan 25 21:06:42 Updated: openssl-devel-0.9.8e-20.el5_7.1.i386
    yum.log:Feb 07 21:06:26 Updated: openssl-devel-0.9.8e-20.el5_7.1.0.1.centos.i386
    yum.log:Mar 12 22:14:28 Updated: openssl-devel-0.9.8e-22.el5.i386
    yum.log:Mar 29 02:06:38 Updated: openssl-devel-0.9.8e-22.el5_8.1.i386
    yum.log.2:Sep 14 21:08:46 Updated: openssl-devel-0.9.8e-20.el5.i386
    yum.log.3:Jan 21 21:07:04 Updated: openssl-devel-0.9.8e-12.el5_4.1.i386
    yum.log.3:Mar 28 21:06:32 Updated: openssl-devel-0.9.8e-12.el5_4.6.i386
    yum.log.3:Dec 14 21:06:35 Updated: openssl-devel-0.9.8e-12.el5_5.7.i386
    yum.log.4:Sep 16 00:35:22 Updated: openssl-devel-0.9.8e-12.el5.i386
    
    Code:
    ls -al yum*
    -rw------- 1 root root 10262 Mar 29 02:06 yum.log
    -rw------- 1 root root   173 Dec 28 21:06 yum.log.1
    -rw------- 1 root root 19382 Dec 12 21:06 yum.log.2
    -rw------- 1 root root 26038 Dec 27  2010 yum.log.3
    -rw------- 1 root root 14308 Dec 19  2009 yum.log.4
    
     

Share This Page