OpenSSL vulnerability, yum not up to date

Support for security such as Firewalls and securing linux
Post Reply
Zenoxio
Posts: 4
Joined: 2012/02/08 16:55:53

OpenSSL vulnerability, yum not up to date

Post by Zenoxio » 2012/02/08 17:06:10

There is a vulnerability in version 0.9.8e, but yum seems to still only offer that version:
[code]Available Packages
openssl.i386 0.9.8e-20.el5_7.1.0.1.centos installed[/code]

Is there a reason for this? What's the best way to go about ensuring yum is fairly up to date?

(I know I can update openssl manually, which I will do now)

CentOS 5.7 final

hawaiian717
Posts: 184
Joined: 2009/01/30 19:58:25
Location: California

OpenSSL vulnerability, yum not up to date

Post by hawaiian717 » 2012/02/08 20:19:22

Please read [url=http://wiki.centos.org/FAQ/General#head-472ce8446ebcfc82ca1800f775ba0e629ac835c7]FAQ 20. Where can I get the latest version of XyZ.rpm for CentOS? I cannot find it anywhere.[/url]

Security patches are backported to the older version. If you have questions about a particular issue that has been assigned a CVE number, you can check it with:

[code]rpm -q --changelog openssl | grep CVE-xxxx-xxxx[/code]

Post Reply