When I can apply announced on March 19 of openssl in CentOS5

Support for security such as Firewalls and securing linux
Post Reply
cestlavie01
Posts: 4
Joined: 2015/03/25 00:59:44

When I can apply announced on March 19 of openssl in CentOS5

Post by cestlavie01 » 2015/03/25 01:21:13

Hi, team.

I want to patch the new release version has been applied openssl to centOS 5.x.
However, the final version of openSSL of current CentOS 5.X is 0.9.8e-32_el5_11.
Signature is a January 13, 2015.

The CVE-2015-0293 openssl that has been modified to be worried about when I can patch.

Adieu.

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: When I can apply announced on March 19 of openssl in Cen

Post by TrevorH » 2015/03/25 01:29:02

All of the CVEs that are applicable to CentOS 5 are ranked as "Moderate" or lower impact. As CentOS 5 is now in production phase 3 of its lifetime, only fixes of important or critical impact are being issued by Redhat so this will not be patched as far as I know. You can see more on https://access.redhat.com/articles/1384453
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

cestlavie01
Posts: 4
Joined: 2015/03/25 00:59:44

Re: When I can apply announced on March 19 of openssl in Cen

Post by cestlavie01 » 2015/03/25 02:00:30

TrevorH wrote:All of the CVEs that are applicable to CentOS 5 are ranked as "Moderate" or lower impact. As CentOS 5 is now in production phase 3 of its lifetime, only fixes of important or critical impact are being issued by Redhat so this will not be patched as far as I know. You can see more on https://access.redhat.com/articles/1384453
If redhat does not patch, individuals can be used to build a openssl?

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: When I can apply announced on March 19 of openssl in Cen

Post by TrevorH » 2015/03/25 09:16:59

Really really not recommended. Did you read the redhat link I posted?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

cestlavie01
Posts: 4
Joined: 2015/03/25 00:59:44

Re: When I can apply announced on March 19 of openssl in Cen

Post by cestlavie01 » 2015/03/25 09:49:18

TrevorH wrote:Really really not recommended. Did you read the redhat link I posted?
appreciate the advice.

I read the link page.
However, I think did not solve the problem. So I was forced to try to do a patch.
If as the Red Hat said, if too trivial problem, I do not have the action.
Is this the correct behavior?

User avatar
toracat
Site Admin
Posts: 7518
Joined: 2006/09/03 16:37:24
Location: California, US
Contact:

Re: When I can apply announced on March 19 of openssl in Cen

Post by toracat » 2015/03/25 12:19:47

Because of the upstream policy, openssl is not the only security patch that was not released for CentOS 5. See this post by Johnny Hughes for more details and his recommendation.
CentOS Forum FAQ

cestlavie01
Posts: 4
Joined: 2015/03/25 00:59:44

Re: When I can apply announced on March 19 of openssl in Cen

Post by cestlavie01 » 2015/03/26 01:38:15

toracat wrote:Because of the upstream policy, openssl is not the only security patch that was not released for CentOS 5. See this post by Johnny Hughes for more details and his recommendation.
thanks, toracat.

I read the link page.
In summary, if we want supported the security issue that will be raised a CentOS version?
Have no choice...

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: When I can apply announced on March 19 of openssl in Cen

Post by avij » 2015/04/18 07:17:35

For the record, there is now an updated OpenSSL for CentOS 5 as well.

You should still start planning to switch to a newer version of CentOS.

Post Reply