OpenSSL Vulnerability Fix
Hi All,
I wanted to fix the openssl vulnerabilities (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572) in my CentOS 5.5 and found out that 0.9.8zd has the fixes I am looking for (from the https://www.openssl.org/news/vulnerabilities.html link).
But, When I tried to find the openssl-0.9.8zd rpm package, I did not find it in http://mirror.CentOS.org/CentOS/5/updates/x86_64/RPMS/.
The latest that I could find was 0.9.8e-31-el5.
Can you please help me on how can I find the rpm I am looking for or How can I fix the vulnerabilities.?
Thanks for your help.
4 thoughts on - OpenSSL Vulnerability Fix
CentOS 5 is not affected by this bug, so fix is not available.
Eero:
31.3.2015 9.48 ap. kirjoitti “Venkateswara Rao Dokku”
just for my curiosity, How can we make sure that its not affected?
Is there any script to check whether its vulnerable or not (as in bash shell shock vulnerability test)?
Well, read article from: https://access.redhat.com/articles/1384453
Anyway, If You are really running CentOS 5.5 then you are missing more important security patches and you should immediately update to latest version 5.11
You can run both client and server tests from:
https://www.ssllabs.com/
Nataraj