Re: Upgrading OpenSSL on RHEL5
On 24/04/14 01:46, Peter Waltenberg wrote:
> rpm -q --changelog openssl | grep CVE

AFAIU RedHat backports CVEs to the version of openssl included in RHEL5 (0.9.8e)

FWIW: this is the changelog from a Scientific Linux 5 box:

rpm -q --changelog openssl | grep CVE
- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)
- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)
  environment variable is set (fixes CVE-2012-4929 #857051)
- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)
- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)
- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)
- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)
- fix for CVE-2011-4108 CVE-2012-0050 - DTLS plaintext recovery
- fix for CVE-2011-4109 - double free in policy checks (#771771)
- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)
- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)
- fix CVE-2010-4180 - completely disable code for
- fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924)
- fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which
- fix CVE-2009-3555 - support the safe renegotiation extension and
- fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197)
- fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data()
- fix CVE-2009-1386 CVE-2009-1387 (DTLS DoS problems)
- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379
- fix CVE-2009-0590 - reject incorrectly encoded ASN.1 strings (#492304)
- fix CVE-2008-5077 - incorrect checks for malformed signatures (#476671)
- fix CVE-2007-3108 - side channel attack on private keys (#250581)
- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309881)
- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321221)
- CVE-2006-2940 fix was incorrect (#208744)
- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)
- fix CVE-2006-2940 - parasitic public keys DoS (#207274)
- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)
- fix CVE-2006-4343 - sslv2 client DoS (#206940)
- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)

it will be very hard to upgrade to a newer version of openssl (1.0? I'd say forget it), as many packages depend on either openssl, libssl.so.6 and/or libcrypto.so.6 (don't ask me where the 6 came from).

The best you could achieve is to download the latest 0.9.8 release, build an RPM for that based on the RHEL5 spec file and try to upgrade your openssl library that way.

HTH,

JJK

__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
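The changelog check from this message, turned into a repeatable audit: an added example, not code from the thread or from Red Hat. The function names and the id CVE-9999-0001 are made up for illustration, and the sample input is built from lines of the changelog quoted above. An id with no entry only means the packager recorded no fix for it; the shipped version may never have been affected.

```shell
#!/bin/sh
# Added example (not from the thread): audit an RPM changelog for CVE entries.
# On a Red Hat based host, feed it the command quoted in the thread:
#   rpm -q --changelog openssl | audit_cves CVE-2009-3555

# Constructed sample input: five lines copied from the changelog quoted above.
sample_changelog() {
    cat <<'EOF'
- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)
- fix for CVE-2011-4108 CVE-2012-0050 - DTLS plaintext recovery
- fix CVE-2009-3555 - support the safe renegotiation extension and
- CVE-2006-2940 fix was incorrect (#208744)
- fix CVE-2006-2940 - parasitic public keys DoS (#207274)
EOF
}

# Succeeds only for a well-formed id such as CVE-2009-3555.
valid_cve_id() {
    printf '%s\n' "$1" | grep -qxE 'CVE-[0-9]{4}-[0-9]{4,}'
}

# Reads changelog text on stdin and prints every distinct CVE id once.
# Copes with lines that name several ids and ids repeated across entries.
list_cves() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# has_cve ID: reads changelog text on stdin; succeeds if ID has an entry.
# Whole-id comparison, so a shorter id never matches a longer one.
has_cve() {
    list_cves | grep -qxF -- "$1"
}

# audit_cves ID...: reads changelog text on stdin, prints one status line
# per requested id, and fails if any id is malformed or has no entry.
audit_cves() {
    audit_log=$(cat)      # read stdin once; it is searched once per id
    audit_bad=0
    for audit_id in "$@"; do
        if ! valid_cve_id "$audit_id"; then
            echo "INVALID     $audit_id"
            audit_bad=$((audit_bad + 1))
        elif printf '%s\n' "$audit_log" | has_cve "$audit_id"; then
            echo "LISTED      $audit_id"
        else
            echo "NOT-LISTED  $audit_id"
            audit_bad=$((audit_bad + 1))
        fi
    done
    [ "$audit_bad" -eq 0 ]
}

# Demo on the constructed sample; CVE-9999-0001 is a made-up placeholder id.
sample_changelog | audit_cves CVE-2009-3555 CVE-2012-0050 CVE-9999-0001 ||
    echo "at least one requested id has no changelog entry"
```

The non-zero exit status lets a patch-compliance job fail on a host whose package changelog lacks a required entry, which the upstream version string (0.9.8e here) cannot tell you.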
Re: Upgrading OpenSSL on RHEL5
- Original Message -
> From: Shruti Palshikar shr...@buysidefx.com
> To: openssl-dev@openssl.org
> Sent: Wednesday, 23 April, 2014 5:50:45 PM
> Subject: Upgrading OpenSSL on RHEL5
>
> Hello, I am trying to upgrade my openSSL version on RHEL5. When I tried to update it using yum command (it kept pausing with the messages - No packages marked for update) I found out that this was not installed from the source but was present along with RHEL in the /usr directory. Following are some helpful commands to give you an idea of the machine and openSSL I am using

OpenSSL version shipped in RHEL 5 is the newest version that's compatible with other applications and tools shipped in this RHEL version. It does have all the important bug fixes and security fixes backported (if you think it is missing something, please contact us through Customer Portal).

If you want to have a newer openssl version (e.g. to have support for AES-GCM or TLS1.2), you will have to upgrade to newer RHEL release (6.5).

If you need only a single application to support newer cryptography, you shouldn't replace the system version of openssl with version 1.0.x or you will most likely break your install.

--
Regards,
Hubert Kario
BaseOS QE Security team
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
Re: Upgrading OpenSSL on RHEL5
Hi Shruti,

As per openssl, version 0.98e is not infected with Heartbleed issue. You can check on below link.

http://www.openssl.org/news/secadv_20140407.txt

Regards,
Lokesh Jangir

On Thu, Apr 24, 2014 at 6:47 PM, Shruti Palshikar shr...@buysidefx.com wrote:
> Thanks everyone for the help, does anybody know if RHEL5 with version 0.98e of openssl has a fix for TLS/SSL renegotiation vulnerability?
Re: Upgrading OpenSSL on RHEL5
Thanks Hubert

On Thu, Apr 24, 2014 at 10:20 AM, Hubert Kario hka...@redhat.com wrote:
> - Original Message -
> > From: Shruti Palshikar shr...@buysidefx.com
> > To: openssl-dev@openssl.org
> > Sent: Thursday, 24 April, 2014 3:33:50 PM
> > Subject: Re: Upgrading OpenSSL on RHEL5
> >
> > I was referring to the TLS/SSL renegotiation vulnerability. Do you know if the 0.98e version has the fix?
>
> Yes, CVE-2009-3555 is fixed in the openssl package as shipped in RHEL-5:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555#c105
>
> --
> Regards,
> Hubert Kario
> BaseOS QE Security team
> Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

--
Thanks,
Shruti Palshikar
Upgrading OpenSSL on RHEL5
Hello,

I am trying to upgrade my openSSL version on RHEL5. When I tried to update it using yum command (it kept pausing with the messages - No packages marked for update) I found out that this was not installed from the source but was present along with RHEL in the /usr directory. Following are some helpful commands to give you an idea of the machine and openSSL I am using

1. yum search openSSL

Loaded plugins: downloadonly, replace, rhnplugin, security
This system is receiving updates from RHN Classic or RHN Satellite.
drivesrvr | 951 B 00:00
rhel-raxmon | 951 B 00:00
Excluding Packages from Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)
Finished
== Matched: openssl ==
easy-rsa.noarch : Simple shell based CA utility
globus-gsi-openssl-error.i386 : Globus Toolkit - Globus OpenSSL Error Handling
globus-gsi-openssl-error.x86_64 : Globus Toolkit - Globus OpenSSL Error Handling
globus-gsi-openssl-error-devel.i386 : Globus Toolkit - Globus OpenSSL Error Handling Development Files
globus-gsi-openssl-error-devel.x86_64 : Globus Toolkit - Globus OpenSSL Error Handling Development Files
globus-gsi-openssl-error-doc.x86_64 : Globus Toolkit - Globus OpenSSL Error Handling Documentation Files
globus-openssl-module.i386 : Globus Toolkit - Globus OpenSSL Module Wrapper
globus-openssl-module.x86_64 : Globus Toolkit - Globus OpenSSL Module Wrapper
globus-openssl-module-devel.i386 : Globus Toolkit - Globus OpenSSL Module Wrapper Development Files
globus-openssl-module-devel.x86_64 : Globus Toolkit - Globus OpenSSL Module Wrapper Development Files
globus-openssl-module-doc.x86_64 : Globus Toolkit - Globus OpenSSL Module Wrapper Documentation Files
globus-openssl-module-progs.x86_64 : Globus Toolkit - Globus OpenSSL Module Wrapper Programs
libssh.i386 : A library implementing the SSH2 protocol (0xbadc0de version)
libssh.x86_64 : A library implementing the SSH2 protocol (0xbadc0de version)
lua-sec.x86_64 : Lua binding for OpenSSL library
m2crypto.x86_64 : Support for using OpenSSL in python scripts
mingw32-openssl.noarch : MinGW port of the OpenSSL toolkit
openscada-Transport-SSL.x86_64 : Open SCADA transports
openssl.i686 : The OpenSSL toolkit
openssl.x86_64 : The OpenSSL toolkit
openssl-devel.i386 : Files for development of applications which will use OpenSSL
openssl-devel.x86_64 : Files for development of applications which will use OpenSSL
openssl-perl.x86_64 : Perl scripts provided with OpenSSL
openssl097a.i386 : The OpenSSL toolkit
openssl097a.x86_64 : The OpenSSL toolkit
openvpn.x86_64 : A full-featured SSL VPN solution
perl-Crypt-OpenSSL-AES.x86_64 : Perl interface to OpenSSL for AES
perl-Crypt-OpenSSL-Bignum.x86_64 : Perl interface to OpenSSL for Bignum
perl-Crypt-OpenSSL-DSA.x86_64 : Perl interface to OpenSSL for DSA
perl-Crypt-OpenSSL-RSA.x86_64 : Perl interface to OpenSSL for RSA
perl-Crypt-OpenSSL-Random.x86_64 : Perl interface to OpenSSL for Random
perl-Crypt-OpenSSL-X509.x86_64 : Perl interface to OpenSSL for X509
perl-Crypt-SMIME.x86_64 : S/MIME message signing, verification, encryption and decryption
perl-Crypt-SSLeay.x86_64 : Crypt::SSLeay - OpenSSL glue that provides LWP https support
perl-Net-SSLeay.x86_64 : Perl extension for using OpenSSL
pkcs11-helper.i386 : A library for using PKCS#11 providers
pkcs11-helper.x86_64 : A library for using PKCS#11 providers
pyOpenSSL.x86_64 : Python wrapper module around the OpenSSL library
python-socksipychain.noarch : A Python SOCKS/HTTP Proxy module
python26-m2crypto.x86_64 : Support for using OpenSSL in python 2.6 scripts
tomcat-native.x86_64 : Tomcat native library
tomcatjss.noarch : JSSE implementation using JSS for Tomcat
xmlsec1.i386 : Library providing support for XML Signature and XML Encryption standards
xmlsec1.x86_64 : Library providing support for XML Signature and XML Encryption standards
xmlsec1-openssl.i386 : OpenSSL crypto plugin for XML Security Library
xmlsec1-openssl.x86_64 : OpenSSL crypto plugin for XML Security Library
xmlsec1-openssl-devel.i386 : OpenSSL crypto plugin for XML Security Library
xmlsec1-openssl-devel.x86_64 : OpenSSL crypto plugin for XML Security Library

2. yum info openssl-devel

Loaded plugins: downloadonly, replace, rhnplugin, security
This system is receiving updates from RHN Classic or RHN Satellite.
drivesrvr | 951 B 00:00
rhel-raxmon | 951 B 00:00
Excluding Packages from Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)
Finished
Installed Packages
Name : openssl-devel
Arch : x86_64
Version: 0.9.8e
Release: 27.el5_10.1
Size : 5.1
Re: Upgrading OpenSSL on RHEL5
Shruti,

This is probably not the right list to ask that question but I'm going to help you anyways.

OpenSSL is a library and you can't simply upgrade it across your entire RHEL installation. What you need is for the packages that you have installed who have dependencies on OpenSSL to update their packages to have a dependency on the newer version. I believe there is a yum update or yum upgrade command which will attempt to update any packages that are out of date. You are at the mercy of the package owners and the RHEL repository folk.

-Paul
Re: Upgrading OpenSSL on RHEL5
Hi Paul,

I misunderstood the community for being a discussion thread for common issues faced. Thank you for the help. The yum command does not run as expected.
Re: Upgrading OpenSSL on RHEL5
Shruti,

No worries. The command should be yum update all. Again, this does not guarantee that there are not packages that depend on an older version of openssl. For more questions related to this topic you should try an RHEL or Fedora forum.

Good luck.

-Paul
Re: Upgrading OpenSSL on RHEL5
I stumbled across this a few days ago. Which will at least tell you if the OS openssl package was patched on RedHat based systems.

rpm -q --changelog openssl

or to save time

rpm -q --changelog openssl | grep CVE

Peter