Author Topic: How to update Open SSL (Read 6658 times)

shoque · « **on:** 2014-04-12, 16:23:00 »

Hello

As we aware of heartbleed threat please let me know how to update my open ssl version to latest. my system is cent os 6.4 64 bit.

Thanks

MRatWork · « **Reply #1 on:** 2014-04-12, 16:31:04 »

Maybe it's not related to openssl directly but related to application to use ssl (like apache and others).

So, just running 'yum clean all; yum update'.

shoque · « **Reply #2 on:** 2014-04-12, 17:12:09 »

After doing this it is still showing old version open ssl

[root~]# rpm -q openssl
openssl-1.0.1e-16.el6_5.4.x86_64

vulnerable version is OpenSSL 1.0.1e-16.el6_5.4,
fixed in OpenSSL 1.0.1e-16.el6_5.7

how can I update it to OpenSSL 1.0.1e-16.el6_5.7?

Thanks

MRatWork · « **Reply #3 on:** 2014-04-12, 17:21:09 »

Have you run 'yum clean all; yum update'. With this command, your OS will be update (including openssl).

shoque · « **Reply #4 on:** 2014-04-12, 18:21:34 »

Yes I run this command yum clean all; yum update and restarted httpd but still showing old version.

Thanks

Joe · « **Reply #5 on:** 2014-04-12, 18:31:21 »

Did you check if you are still vulnerable? The latest version of Kloxo says everything is good with the test site below but the OpenSSL version is old and showing OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 on Centos 5.

Here's how to check if it's fixed or unaffected:

http://filippo.io/Heartbleed/

MRatWork · « **Reply #6 on:** 2014-04-13, 04:10:12 »

Centos 5 still using 0.9.8 version and no bug. Bug only found in certain 1.01 or 1.0.2 beta version (according https://www.openssl.org/news/secadv_20140407.txt)

shoque · « **Reply #7 on:** 2014-04-13, 14:01:53 »

Hello

My all servers OS version cent os 6.4 64 bit. Yes I'm still in risk. I have followed this instruction
http://www.centosblog.com/critical-openssl-vulnerability-heartbleed-openssl-1-0-1-1-0-1f-patch-bug-centos-system/

and this is work fine under plesk and direct admin server but I have 3 kloxo sever where all command taking but not this one is working

1 lsof -n | grep ssl | grep DEL

All my 3 kloxo server has risky version according to this
http://kb.parallels.com/en/120984

So what to do now? this command # rpm -q openssl still showing old risky version.

Thanks

MRatWork · « **Reply #8 on:** 2014-04-14, 11:39:51 »

This is information from 1 of my server:

Code: [Select]

> yum list openssl --showduplicates
Loaded plugins: fastestmirror, priorities, protectbase, replace, security
Loading mirror speeds from cached hostfile
 * Webmin: download.webmin.com
 * base: mirrors.lga7.us.voxel.net
 * extras: mirrors.advancedhosters.com
 * mratwork-epel: epel.mirror.constant.com
 * mratwork-ius: mirror.symnds.com
 * updates: mirror.es.its.nyu.edu
0 packages excluded due to repository protections
Installed Packages
openssl.x86_64               1.0.1e-16.el6_5.7                          @updates
Available Packages
openssl.i686                 1.0.1e-15.el6                              base    
openssl.x86_64               1.0.1e-15.el6                              base    
openssl.i686                 1.0.1e-16.el6_5                            updates 
openssl.x86_64               1.0.1e-16.el6_5                            updates 
openssl.i686                 1.0.1e-16.el6_5.1                          updates 
openssl.x86_64               1.0.1e-16.el6_5.1                          updates 
openssl.i686                 1.0.1e-16.el6_5.4                          updates 
openssl.x86_64               1.0.1e-16.el6_5.4                          updates 
openssl.i686                 1.0.1e-16.el6_5.4.0.1.centos               updates 
openssl.x86_64               1.0.1e-16.el6_5.4.0.1.centos               updates 
openssl.i686                 1.0.1e-16.el6_5.7                          updates 
openssl.x86_64               1.0.1e-16.el6_5.7                          updates

According to http://kb.parallels.com/en/120984, openssl already safe because already update to 1.0.1e-16.el6_5.7

shoque · « **Reply #9 on:** 2014-04-14, 17:58:13 »

Got problem Yum update command not working on my server! getting this error below

https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/x86_64/repodata/primary.sqlite.bz2: [Errno -1] Metadata file does not match checksum
Trying other mirror.
mratwork-release-neutral-arch/primary_db | 1.1 kB 00:00
https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/x86_64/repodata/primary.sqlite.bz2: [Errno -1] Metadata file does not match checksum
Trying other mirror.
Error: failure: repodata/primary.sqlite.bz2 from mratwork-release-neutral-arch: [Errno 256] No more mirrors to try.

Please let me know what to do

MRatWork · « **Reply #10 on:** 2014-04-15, 03:42:35 »

Need update mratwork-release/mratwork-testing with:

Code: [Select]

wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.2-5.noarch.rpm --no-check-certificate
    rpm -ivh mratwork-release-0.0.2-5.noarch.rpm
yum clean all
yum update

shoque · « **Reply #11 on:** 2014-04-15, 13:58:11 »

Litlle progress but stil error

https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/x86_64/repodata/primary.xml.gz: [Errno -1] Metadata file does not match checksum
Trying other mirror.
mratwork-release-neutral-arch/primary | 224 B 00:00
https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/x86_64/repodata/primary.xml.gz: [Errno -1] Metadata file does not match checksum
Trying other mirror.
Error: failure: repodata/primary.xml.gz from mratwork-release-neutral-arch: [Errno 256] No more mirrors to try.

Thanks

Author Topic: How to update Open SSL (Read 6658 times)

shoque

How to update Open SSL

MRatWork

Re: How to update Open SSL

shoque

Re: How to update Open SSL

MRatWork

Re: How to update Open SSL

shoque

Re: How to update Open SSL

Joe

Re: How to update Open SSL

MRatWork

Re: How to update Open SSL

shoque

Re: How to update Open SSL

MRatWork

Re: How to update Open SSL

shoque

Re: How to update Open SSL

MRatWork

Re: How to update Open SSL

shoque

Re: How to update Open SSL