When I can apply announced on March 19 of openssl in CentOS5

Support for security such as Firewalls and securing linux
cestlavie01
Posts: 4
Joined: 2015/03/25 00:59:44

When I can apply announced on March 19 of openssl in CentOS5

Postby cestlavie01 » 2015/03/25 01:21:13

Hi, team.

I want to patch the new release version has been applied openssl to centOS 5.x.
However, the final version of openSSL of current CentOS 5.X is 0.9.8e-32_el5_11.
Signature is a January 13, 2015.

The CVE-2015-0293 openssl that has been modified to be worried about when I can patch.

Adieu.

User avatar
TrevorH
Forum Moderator
Posts: 21002
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: When I can apply announced on March 19 of openssl in Cen

Postby TrevorH » 2015/03/25 01:29:02

All of the CVEs that are applicable to CentOS 5 are ranked as "Moderate" or lower impact. As CentOS 5 is now in production phase 3 of its lifetime, only fixes of important or critical impact are being issued by Redhat so this will not be patched as far as I know. You can see more on https://access.redhat.com/articles/1384453
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

cestlavie01
Posts: 4
Joined: 2015/03/25 00:59:44

Re: When I can apply announced on March 19 of openssl in Cen

Postby cestlavie01 » 2015/03/25 02:00:30

TrevorH wrote:All of the CVEs that are applicable to CentOS 5 are ranked as "Moderate" or lower impact. As CentOS 5 is now in production phase 3 of its lifetime, only fixes of important or critical impact are being issued by Redhat so this will not be patched as far as I know. You can see more on https://access.redhat.com/articles/1384453


If redhat does not patch, individuals can be used to build a openssl?

User avatar
TrevorH
Forum Moderator
Posts: 21002
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: When I can apply announced on March 19 of openssl in Cen

Postby TrevorH » 2015/03/25 09:16:59

Really really not recommended. Did you read the redhat link I posted?
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

cestlavie01
Posts: 4
Joined: 2015/03/25 00:59:44

Re: When I can apply announced on March 19 of openssl in Cen

Postby cestlavie01 » 2015/03/25 09:49:18

TrevorH wrote:Really really not recommended. Did you read the redhat link I posted?


appreciate the advice.

I read the link page.
However, I think did not solve the problem. So I was forced to try to do a patch.
If as the Red Hat said, if too trivial problem, I do not have the action.
Is this the correct behavior?

User avatar
toracat
Forum Moderator
Posts: 7230
Joined: 2006/09/03 16:37:24
Location: California, US
Contact:

Re: When I can apply announced on March 19 of openssl in Cen

Postby toracat » 2015/03/25 12:19:47

Because of the upstream policy, openssl is not the only security patch that was not released for CentOS 5. See this post by Johnny Hughes for more details and his recommendation.
CentOS Forum FAQ

cestlavie01
Posts: 4
Joined: 2015/03/25 00:59:44

Re: When I can apply announced on March 19 of openssl in Cen

Postby cestlavie01 » 2015/03/26 01:38:15

toracat wrote:Because of the upstream policy, openssl is not the only security patch that was not released for CentOS 5. See this post by Johnny Hughes for more details and his recommendation.


thanks, toracat.

I read the link page.
In summary, if we want supported the security issue that will be raised a CentOS version?
Have no choice...

User avatar
avij
Forum Moderator
Posts: 2139
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: When I can apply announced on March 19 of openssl in Cen

Postby avij » 2015/04/18 07:17:35

For the record, there is now an updated OpenSSL for CentOS 5 as well.

You should still start planning to switch to a newer version of CentOS.