heartbleed openssl bug, need 1.0.1g openssl version

TrevorH
Site Admin
Posts: 33243
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: heartbleed openssl bug, need 1.0.1g openssl version

Post by TrevorH » 2014/04/08 20:13:11

The update will be in the updates repo, not in base. Suggest you edit /etc/yum.repos.d/CentOS-Base.repo and make sure that it says "enabled=1" under the [updates] section and that you have the updates section at the same priority as the base one (if you use yum-plugin-priorities)
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

shbmira
Posts: 2
Joined: 2014/04/08 22:56:46

Re: heartbleed openssl bug, need 1.0.1g openssl version

Post by shbmira » 2014/04/08 23:00:07

I just upgraded openssl to openssl-1.0.1e-16.el6_5.7.x86_64 on one of my servers, but Heartbeat still shows a vulnerability.

What did I miss?

Thanks!

TrevorH
Site Admin
Posts: 33243
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: heartbleed openssl bug, need 1.0.1g openssl version

Post by TrevorH » 2014/04/08 23:26:56

Did you restart the services involved? Do you have mod_spdy installed under httpd?

shbmira
Posts: 2
Joined: 2014/04/08 22:56:46

Re: heartbleed openssl bug, need 1.0.1g openssl version

Post by shbmira » 2014/04/08 23:30:18

TrevorH wrote: Did you restart the services involved? Do you have mod_spdy installed under httpd?
Yeah, TrevorH, I did have mod_spdy!
I removed it and now it works, thanks!
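
The restart question in this exchange comes down to whether a running process still maps the library file that the package update replaced. The following is an added example, not part of any post in this thread: it reads `/proc/<pid>/maps`-format text and lists libssl/libcrypto files that are mapped but marked `(deleted)`. The function names and the sample map lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# stale_ssl_maps: read /proc/<pid>/maps-format text on stdin and print each
# distinct libssl/libcrypto path that is still mapped but marked "(deleted)",
# i.e. the on-disk file was replaced after the process started.
stale_ssl_maps() {
    awk '
        # Field 6 is the pathname; a replaced file carries a trailing "(deleted)".
        $NF == "(deleted)" && $6 ~ /\/lib(ssl|crypto)\.so/ {
            if (!seen[$6]++) print $6
        }
    '
}

# scan_running: walk live processes and print pid, name and stale libraries
# for every process that needs a restart to pick up the updated package.
scan_running() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        hits=$(stale_ssl_maps < "$maps" 2>/dev/null)
        [ -n "$hits" ] || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        name=$(sed -n 's/^Name:[[:space:]]*//p' "/proc/$pid/status" 2>/dev/null)
        printf '%s\t%s\t%s\n' "$pid" "${name:-?}" "$(echo $hits)"
    done
}

# Constructed sample: a daemon started before the update (old files deleted).
SAMPLE_STALE='7f1a2c000000-7f1a2c062000 r-xp 00000000 fd:00 393301 /usr/lib64/libssl.so.1.0.1e (deleted)
7f1a2c262000-7f1a2c41b000 r-xp 00000000 fd:00 393299 /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f1a2c61b000-7f1a2c636000 r--p 001b9000 fd:00 393299 /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f1a2d000000-7f1a2d18a000 r-xp 00000000 fd:00 131090 /lib64/libc-2.12.so'

# Constructed sample: the same daemon after a restart (current files mapped).
SAMPLE_FRESH='7f3b10000000-7f3b10062000 r-xp 00000000 fd:00 393377 /usr/lib64/libssl.so.1.0.1e
7f3b10262000-7f3b1041b000 r-xp 00000000 fd:00 393375 /usr/lib64/libcrypto.so.1.0.1e
7f3b11000000-7f3b1118a000 r-xp 00000000 fd:00 131090 /lib64/libc-2.12.so'

# Run as root with --scan to check the live system.
if [ "${1:-}" = "--scan" ]; then
    scan_running
fi
```

This check only covers processes that load the system's shared libssl/libcrypto; a module that carries its own copy of OpenSSL will not appear here and has to be checked against its own package version.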

drewrowland
Posts: 4
Joined: 2014/04/08 17:08:25

Re: heartbleed openssl bug, need 1.0.1g openssl version

Post by drewrowland » 2014/04/09 02:01:33

TrevorH wrote: The update will be in the updates repo, not in base. Suggest you edit /etc/yum.repos.d/CentOS-Base.repo and make sure that it says "enabled=1" under the [updates] section and that you have the updates section at the same priority as the base one (if you use yum-plugin-priorities)
That is already done. The update repo being used is: bay.uchicago.edu. Output looks like below:

Loaded plugins: downloadonly, fastestmirror, security
Loading mirror speeds from cached hostfile
* base: mirrors.tummy.com
* epel: mirror.utexas.edu
* extras: mirrors.centarra.com
* updates: bay.uchicago.edu
base | 3.7 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
Setting up Update Process
No Packages marked for Update

TrevorH
Site Admin
Posts: 33243
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: heartbleed openssl bug, need 1.0.1g openssl version

Post by TrevorH » 2014/04/09 02:06:50

What do you get if you run `rpm -qa openssl\*`?

drewrowland
Posts: 4
Joined: 2014/04/08 17:08:25

Re: heartbleed openssl bug, need 1.0.1g openssl version

Post by drewrowland » 2014/04/09 02:20:16

TrevorH wrote: What do you get if you run `rpm -qa openssl\*`?
openssl-1.0.1e-16.el6_5.7.x86_64
openssl-devel-1.0.1e-16.el6_5.7.x86_64

drewrowland
Posts: 4
Joined: 2014/04/08 17:08:25

Re: heartbleed openssl bug, need 1.0.1g openssl version

Post by drewrowland » 2014/04/09 02:23:57

drewrowland wrote:
TrevorH wrote: What do you get if you run `rpm -qa openssl\*`?
openssl-1.0.1e-16.el6_5.7.x86_64
openssl-devel-1.0.1e-16.el6_5.7.x86_64
Well: "If you have 1.0.1e-16.el6_5.7 or higher then you have the official fixed version." Maybe I have the updated version. No idea when I did this. Maybe someone set up a cron that I did not know about.

After restart I'm okay. Do I need to re-issue all SSL certs?

baskarc12
Posts: 2
Joined: 2013/04/05 06:07:13

Re: heartbleed openssl bug, need 1.0.1g openssl version

Post by baskarc12 » 2014/04/09 05:46:51

Make sure that your update repo is enabled.
I'm able to get the update:
Name : openssl
Arch : x86_64
Version : 1.0.1e
Release : 16.el6_5.7
Size : 1.5 M
Repo : updates
Summary : A general purpose cryptography library with TLS implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
: machines. OpenSSL includes a certificate management tool and shared
: libraries which provide various cryptographic algorithms and
: protocols.

Volox
Posts: 1
Joined: 2014/04/09 21:09:45

Re: heartbleed openssl bug, need 1.0.1g openssl version

Post by Volox » 2014/04/09 21:15:16

Is there going to be an official fix released for the update repositories for CentOS 5.10?

I'd prefer not to have to build an entirely new server to close this vulnerability but the update repositories don't seem to be reflecting an updated version. I'm still seeing 0.9.8e 27.el5_10.1 from the updates repository.
