openss 1.3.2

Support for security such as Firewalls and securing linux

openss 1.3.2

Postby rvakili » 2012/04/19 21:03:27

Hi All,

I, am sure, you are aware of the Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. I am wondering as how to update my openssl.

With many thanks in advance.
rvakili
 
Posts: 2
Joined: 2012/04/19 21:00:03

openss 1.3.2

Postby pschaff » 2012/04/19 23:43:53

Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

FAQ#20. Where can I get the latest version of XyZ.rpm for CentOS? I cannot find it anywhere.

Pay attention to the part about backporting.
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: openss 1.3.2

Postby TrevorH » 2012/04/20 00:57:21

I can't see any vulnerabilities in the ASN.1 parsing in openssl listed here newer than 2009 and they're fixed in openssl 0.9.8k so CentOS 6 is not vulnerable with its openssl-1.0.0-20.el6_2.3 package. On CentOS 5 you can check for specific CVE numbers by running, e.g.

Code: Select all
$ rpm -q --changelog openssl | grep CVE-2009-0590
- fix CVE-2009-0590 - reject incorrectly encoded ASN.1 strings (#492304)
$ rpm -q openssl
openssl-0.9.8e-22.el5_8.1
User avatar
TrevorH
Forum Moderator
 
Posts: 9114
Joined: 2009/09/24 10:40:56
Location: Brighton, UK


Return to CentOS 6 - Security Support

Who is online

Users browsing this forum: No registered users and 1 guest