The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Anyone with this Openssh issue too ?

Discussion in 'General Discussion' started by cass, Sep 30, 2002.

  1. cass

    cass Well-Known Member

    Joined:
    Jul 17, 2002
    Messages:
    354
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Argentina/USA/Mexico
    Every update I get ...

    ....
    nss_ldap is up to date
    Downloading openssh-3.1p1-6.i386.rpm
    Retrieving http://updates.cpanel.net/pub/rpmup/redhat/7.3/x86/updates/openssh-
    1p1-6.i386.rpm
    Preparing... ########################################### [100%]
    package openssh-3.3p1-1 (which is newer than openssh-3.1p1-6) is already insta
    ed
    Downloading openssh-clients-3.1p1-6.i386.rpm
    Retrieving http://updates.cpanel.net/pub/rpmup/redhat/7.3/x86/updates/openssh-
    ients-3.1p1-6.i386.rpm
    Preparing... ########################################### [100%]
    package openssh-clients-3.3p1-1 (which is newer than openssh-clients-3.1p1-6)
    already installed
    Downloading openssh-server-3.1p1-6.i386.rpm
    Retrieving http://updates.cpanel.net/pub/rpmup/redhat/7.3/x86/updates/openssh-
    rver-3.1p1-6.i386.rpm
    Preparing... ########################################### [100%]
    package openssh-server-3.3p1-1 (which is newer than openssh-server-3.1p1-6) is
    lready installed
    openssl is up to date
    openssl-devel is up to date
    ...
    ...

    Is this bad ? ...
    So I have 3.3 installed ... why dont cpanel update to 3.3 the servers?
    I want to know ... if I need to downgrade for any reason or so...

    anyone?
    Thakns! :)
     
  2. H2Hosting.com

    H2Hosting.com Well-Known Member

    Joined:
    Sep 4, 2001
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
  3. H2Hosting.com

    H2Hosting.com Well-Known Member

    Joined:
    Sep 4, 2001
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
  4. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    [quote:252d38a266][i:252d38a266]Originally posted by cass[/i:252d38a266]

    Every update I get ...

    ....
    nss_ldap is up to date
    Downloading openssh-3.1p1-6.i386.rpm
    Retrieving http://updates.cpanel.net/pub/rpmup/redhat/7.3/x86/updates/openssh-
    1p1-6.i386.rpm
    Preparing... ########################################### [100%]
    package openssh-3.3p1-1 (which is newer than openssh-3.1p1-6) is already insta
    ed
    Downloading openssh-clients-3.1p1-6.i386.rpm
    Retrieving http://updates.cpanel.net/pub/rpmup/redhat/7.3/x86/updates/openssh-
    ients-3.1p1-6.i386.rpm
    Preparing... ########################################### [100%]
    package openssh-clients-3.3p1-1 (which is newer than openssh-clients-3.1p1-6)
    already installed
    Downloading openssh-server-3.1p1-6.i386.rpm
    Retrieving http://updates.cpanel.net/pub/rpmup/redhat/7.3/x86/updates/openssh-
    rver-3.1p1-6.i386.rpm
    Preparing... ########################################### [100%]
    package openssh-server-3.3p1-1 (which is newer than openssh-server-3.1p1-6) is
    lready installed
    openssl is up to date
    openssl-devel is up to date
    ...
    ...

    Is this bad ? ...
    So I have 3.3 installed ... why dont cpanel update to 3.3 the servers?
    I want to know ... if I need to downgrade for any reason or so...

    anyone?
    Thakns! :)

    [/quote:252d38a266]
    Red Hat has patched Open SSH 3.1p1 and offered their own builds:
    They usually patch stable releases of softwares and after a lot of tests and reviewing codes they modify softwares and follow this policy; &latest is not the best always& stability and security are their goals. This is why they usually offer their builds.

    You are not vulnerable if you use these builds:


    Red Hat 7.0 and 7.1:
    openssh-3.1p1-5
    openssh-clients-3.1p1-5
    openssh-server-3.1p1-5

    Red Hat 7.2 and 7.3:
    openssh-3.1p1-6
    openssh-clients-3.1p1-6
    openssh-server-3.1p1-6

    Then Canel installs the latest Red Hat builds and you have installed 3.3 manually from a non-Red Hat source, because as the date of this post Red Hat hasn't offered OpenSSH 3.3 RPM release

    You can remove 3.3 manually and use /scripts/upcp
     
  5. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    duplicated post, see above
     
  6. cass

    cass Well-Known Member

    Joined:
    Jul 17, 2002
    Messages:
    354
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Argentina/USA/Mexico
    Well... I have RedHat 7.3, and I have not installed any &non-rpm& openssl.
    If it's installed has to be an RPM.

    but well... can be something from the apt-get ;) but is an RPM sure.

    Thanks for your info.
     
  7. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    [quote:c774e7bea0][i:c774e7bea0]Originally posted by cass[/i:c774e7bea0]

    Well... I have RedHat 7.3, and I have not installed any &non-rpm& openssl.
    If it's installed has to be an RPM.

    but well... can be something from the apt-get ;) but is an RPM sure.

    Thanks for your info.
    [/quote:c774e7bea0]

    What I wrote is:
    &…Cpanel installs the latest Red Hat builds and you have installed 3.3 manually from a non-Red Hat source, because as the date of this post Red Hat hasn't offered OpenSSH 3.3 RPM release&

    apt-get is not official site of Red Hat also Red Hat hasn't offered OpenSSH 3.3 RPMs, also &...have installed 3.3 manually from a non-Red Hat source& means Cpanel hasn't installed it and you manually installed another software either RPM package or tar.gz, it doesn't matter.

    RPM is a packaging tool for softwares in Red Hat Linux and RPM releases could be generated by any source but we are talking about Red Hat RPMs. It means if you see an RPM release, it doesn't mean that it is offered by Red Hat, [b:c774e7bea0]Red Hat RPM Packages have Red Hat's Signature and are offered via Red Hat official web site or its mirrors or Distribution packages[/b:c774e7bea0]
     
Loading...

Share This Page