[SOLVED] Update OpenSSL 0.9.8e-fips-rhel5 to openssl-1.0.1g

[Marmara]

Hello,

I use CentOS 5.5. and would like to update my OpenSSL 0.9.8e-fips-rhel5 version to the new one 1.0.1g.
As far as i know there is no yum update for CentOS 5.5. available.
Is there an solution to update the version to the new one?
If yes, a short tutorial would be awesome!

Best regards,
Phil

[TrevorH]

CentOS 5's copy of openssl 0.9.8 is not vulnerable to the HeartBleed bug as this was introduced in openssl 1.0.1. You do not need to update and should not do so.

[avij]

What you should do, however, is to update your openssl to the openssl that is shipped with CentOS 5.10 (openssl-0.9.8e-27.el5_10.1).

By using an openssl from CentOS 5.5, you're missing these updates:

https://rhn.redhat.com/errata/RHSA-2010-0978.html
https://rhn.redhat.com/errata/RHBA-2011-1010.html
https://rhn.redhat.com/errata/RHSA-2012-0060.html
https://rhn.redhat.com/errata/RHBA-2012-0229.html
https://rhn.redhat.com/errata/RHSA-2012-0426.html
https://rhn.redhat.com/errata/RHSA-2012-0518.html
https://rhn.redhat.com/errata/RHSA-2012-0699.html
https://rhn.redhat.com/errata/RHSA-2013-0587.html
https://rhn.redhat.com/errata/RHEA-2014-0104.html

You should be able to update to the current version with a simple "yum update".

[TrevorH]

I missed the "5.5" bit so if you are really running that, then you have far more to worry about than HeartBleed as 5.5 has numerous exploitable security vulnerabilities and you should definitely update to 5.10 ASAP.

[drk]

I use CentOS 5.5.

If you are really using 5.5 you should update it asap.

[Marmara]

Thank you guys for your help!

Now i updated my system to CentOS 5.10.
When i check the installed files i get:

Code: Select all

openssl.i686                         0.9.8e-27.el5_10.1                installed
openssl.x86_64                       0.9.8e-27.el5_10.1                installed
openssl-devel.i386                   0.9.8e-27.el5_10.1                installed
openssl-devel.x86_64                 0.9.8e-27.el5_10.1                installed

But when i check the version with openssl version -a i get:

Code: Select all

OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
built on: Tue Jan 28 18:16:29 EST 2014
platform: linux-x86_64
options:  bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) blowfish(ptr2)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -I/usr/kerberos/include -DL_ENDIAN -DTERMIO -Wall -DMD32_REG_T=int -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DOPENSSL_USE_NEW_FUNCTIONS -fno-strict-aliasing -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM
OPENSSLDIR: "/etc/pki/tls"
engines:  dynamic

Is this now the correct version?

Best regards,
Philipp

[avij]

Yes, that is indeed the correct version for CentOS 5.x. You are OK now.

[Marmara]

OK, thank you a lot!
That was very helpful!