openss 1.3.2

Support for security such as Firewalls and securing linux
Posts: 2
Joined: 2012/04/19 21:00:03

openss 1.3.2

Postby rvakili » 2012/04/19 21:03:27

Hi All,

I, am sure, you are aware of the Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. I am wondering as how to update my openssl.

With many thanks in advance.

Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

openss 1.3.2

Postby pschaff » 2012/04/19 23:43:53

Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

FAQ#20. Where can I get the latest version of XyZ.rpm for CentOS? I cannot find it anywhere.

Pay attention to the part about backporting.

User avatar
Forum Moderator
Posts: 20610
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: openss 1.3.2

Postby TrevorH » 2012/04/20 00:57:21

I can't see any vulnerabilities in the ASN.1 parsing in openssl listed here newer than 2009 and they're fixed in openssl 0.9.8k so CentOS 6 is not vulnerable with its openssl-1.0.0-20.el6_2.3 package. On CentOS 5 you can check for specific CVE numbers by running, e.g.

Code: Select all

$ rpm -q --changelog openssl | grep CVE-2009-0590
- fix CVE-2009-0590 - reject incorrectly encoded ASN.1 strings (#492304)
$ rpm -q openssl