installed centosplus php.5.1.6 now has openssl security problem

Support for security such as Firewalls and securing linux
Post Reply
d6d2001
Posts: 2
Joined: 2007/03/07 05:03:37

installed centosplus php.5.1.6 now has openssl security problem

Post by d6d2001 » 2007/03/07 05:12:13

Hi,

I just updated to php.5.1.6 from centosplus.

Everything is great except that I ran couple Nessus scan results. It shows couple holes all related to lower openssl version. I once read that centos has update openssl indeed it's just showing the old version number. But I just want to be sure.

Any one have came across this and find a solution?

BTW, it's a centos4.4 with plesk 8.1 box.

Thanks

[quote]
The remote host is using a version of OpenSSL which is
older than 0.9.6m or 0.9.7d

There are several bug in this version of OpenSSL which may allow
an attacker to cause a denial of service against the remote host.

Nessus solely relied on the banner of the remote host
to issue this warning


Solution: Upgrade to version 0.9.6m (0.9.7d) or newer


Risk Factor : High
CVE : CVE-2004-0079, CVE-2004-0081, CVE-2004-0112
BID : 9899
Other references : IAVA:2004-B-0006
Plugin ID : 12110
[/quote]

Checco
Posts: 16
Joined: 2006/11/25 11:43:22
Location: Italy
Contact:

installed centosplus php.5.1.6 now has openssl security prob

Post by Checco » 2007/03/07 10:49:51

Try with other [b]repositories[/b].
Use [url=http://wiki.centos.org/Repositories]THIS[/url] HowTo for add new repositories.
And.. remember to install the two plugins:
- [i]FastestMirror[/i];
- [i]ProtectBase[/i].

d6d2001
Posts: 2
Joined: 2007/03/07 05:03:37

Re: installed centosplus php.5.1.6 now has openssl security problem

Post by d6d2001 » 2007/03/07 19:40:41

Thanks for the reply.

But can you point it out which repo may have the stuff I need?

Post Reply

Return to “CentOS 4 - Security Support”