OpenSSL Security Advisory (CVE-2012-2110) [19 Apr 2012]

Discussion in 'Security' started by rezman, Apr 19, 2012.

  1. rezman

    rezman Well-Known Member

  2. raysolomon

    raysolomon Member

    FYI - it's already fixed. It says so if you read the OpenSSL Security Advisory you posted ;)


     
  3. rezman

    rezman Well-Known Member

    The source code has been fixed, yes. Now it's up to people to download and install it. Your quote from the advisory even says "Affected users should upgrade to OpenSSL 1.0.1a, 1.0.0i or 0.9.8v".

    I'm currently running
    Code:
    openssl version
    OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Keeping in mind that CVE is from yesterday?, I think you'll find this item in the cPanel Documentation useful:
    PCI Compliance Scanning and Software Versions - cPanel Documentation

    If I follow those instructions and check my EDGE server I get this:
    Code:
    [root /]# rpm --changelog -q openssl-0.9.8e-22.el5_8.1|less
    * Mon Mar 19 2012 Tomas Mraz <tmraz@redhat.com> 0.9.8e-22.1
    - fix problem with the SGC restart patch that might terminate handshake
      incorrectly
    - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)
    - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)
    
    -snipped off at the legs here-
    I would think if your system is keeping itself up to date that this would be patched when a patch is pushed by your OS vendor.
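
The changelog check from the post above, as an added example that is not part of the original thread or of cPanel's documentation: it reads `rpm -q --changelog` output and names the changelog entry that mentions a given CVE, which matters because the upstream version string (0.9.8e) stays the same when the vendor backports a fix. The function names and the second sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Live use: rpm -q --changelog openssl | cve_fixed_in CVE-2012-2110

# cve_fixed_in CVE-ID: reads changelog text on stdin, prints the header line
# ("* date packager version") of each entry mentioning the CVE.
# Exit status 0 if the CVE is listed, 1 if it is not.
cve_fixed_in() {
    awk -v cve="$1" '
        /^\* / { header = $0; next }          # a new changelog entry starts
        # The ID must not be followed by a digit, so that CVE-2012-088
        # does not match a line about CVE-2012-0884.
        $0 ~ (cve "([^0-9]|$)") {
            if (!(header in seen)) { print header; seen[header] = 1 }
            found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# audit_cves CHANGELOG_TEXT CVE-ID...: one status line per CVE.
audit_cves() {
    changelog=$1; shift
    for cve in "$@"; do
        if entry=$(printf '%s\n' "$changelog" | cve_fixed_in "$cve"); then
            printf '%s: fixed in %s\n' "$cve" "$entry"
        else
            printf '%s: not listed in changelog\n' "$cve"
        fi
    done
}

# Sample input: the first entry is the excerpt quoted in the thread,
# the second entry is constructed to show entry separation.
sample_changelog() {
    cat <<'EOF'
* Mon Mar 19 2012 Tomas Mraz <tmraz@redhat.com> 0.9.8e-22.1
- fix problem with the SGC restart patch that might terminate handshake
  incorrectly
- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)
- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)

* Thu Jan 01 2009 Example Packager <packager@example.com> 0.0.0-1
- constructed entry: fix for CVE-0000-0001
EOF
}

audit_cves "$(sample_changelog)" CVE-2012-0884 CVE-2012-2110
```

A CVE that is not listed means the installed build's changelog records no fix for it; it does not by itself show whether that build is affected.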
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    If I rebuild the RPM database via WHM I see this:
    D: adding "0.9.8e-22.el5_8.1" to Provideversion index.
     
  6. rezman

    rezman Well-Known Member

    @Infopro

    Thank you, that is a much more helpful reply. Yours is the same match-up as mine so I'll just wait for RH to push the updates out.
     