The Community Forums


OpenSSL used with cPanel vulnerable

Discussion in 'General Discussion' started by Angel78, Jun 30, 2003.

  1. Angel78

    Angel78 Well-Known Member

  2. sexy_guy

    sexy_guy Well-Known Member

    My box has OpenSSL/0.9.6b on it and they are up to H now? What's up with this?

  3. Angel78

    Angel78 Well-Known Member

    I did upgrade OpenSSH, but OpenSSL is still default

    # openssl version
    OpenSSL 0.9.6b [engine] 9 Jul 2001

  4. Angel78

    Angel78 Well-Known Member

    :) don't change posts that quickly :)

  5. jamesbond

    jamesbond Well-Known Member

    I always thought Red Hat often patches older versions instead of upgrading to a newer version.

    I asked cPanel support, and they told me the same:

    RedHat usually patches old versions of software to fix security issues rather than upgrading

    The problem with this approach is that it makes it difficult to keep track of what is actually patched and what is not.

  6. sexy_guy

    sexy_guy Well-Known Member

    That's why we upgraded OpenSSH to the latest. I'm not waiting around to get hacked because RH deploys some patched version nobody knows about. Who knows what they patch and fix if at all.

  7. sexy_guy

    sexy_guy Well-Known Member

    Sorry, I'll try not to, but you can delete your msg too.

  8. cPanelNick

    cPanelNick Administrator
    Staff Member

    Generally it breaks less if you take this approach :)

    rpm -q openssl --changelog

  9. Website Rob

    Website Rob Well-Known Member

    Although I agree that in most cases, patching is better than upgrading; for Kernels and/or other software major upgrades, something is not quite right here.

    # openssl version
    OpenSSL 0.9.6b [engine] 9 Jul 2001

    So we notice the date is quite old and no sub-set is mentioned, such as mentioned when using:

    rpm -q openssl --changelog

    * Wed Mar 19 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-32.7
    - rebuild for previous release


    http://www.openssl.org/source/

    Shows many new releases and apparently, openssl-0.9.6j is the version to have -- or even the latest: openssl-0.9.7b.


    So my question would be: How does one find out what version sub-set one has and why (apparently) is RH not recommending or providing any of the newer v9.6x versions?

    Anyone...

  10. jamesbond

    jamesbond Well-Known Member

    I did some rpm searches on rpmfind.net looking for the latest rpm's:

    RedHat-7.3 Updates for i386 openssl-0.9.6b-32.7.i386.rpm
    Build date: Wed Mar 19 12:08:09 2003

    RedHat-8.0 Updates for i386 openssl-0.9.6b-33.i386.rpm
    Build date: Wed Mar 19 12:38:05 2003

    RedHat-9 Updates for i386 openssl-0.9.7a-5.i386.rpm
    Build date: Wed Mar 19 12:17:50 2003

    As you can see, there is a 0.9.7 rpm for RH 9; my guess is that they won't spend much time working on upgrades for RH 7.3 & 8 anymore and will stick to the 'patching' approach until they stop doing that as well.
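
Added example (not part of the original thread, and not cPanel or Red Hat code): shell functions that run the `rpm -q openssl --changelog` check mentioned above to report which package release carries a backported fix. The first changelog entry is the one quoted in the thread; the other entries, the `CVE-0000-000x` identifiers, and the helper names `sample_changelog`, `fixed_in` and `audit` are constructed for illustration, and the header layout (version-release as the last field) is assumed to match the quoted output.

```shell
#!/bin/sh
# Real use:  rpm -q openssl --changelog | audit <advisory-id> [<advisory-id> ...]

# Constructed sample input; only the first entry appears in the thread.
sample_changelog() {
cat <<'EOF'
* Wed Mar 19 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-32.7
- rebuild for previous release

* Mon Mar 17 2003 Example Packager <packager@example.com> 0.9.6b-32.6
- backport fix for CVE-0000-0002 from a newer upstream release

* Tue Feb 18 2003 Example Packager <packager@example.com> 0.9.6b-31
- add patch for CVE-0000-0001
EOF
}

# fixed_in ID: read a changelog on stdin and print the oldest version-release
# whose entry mentions ID. Returns 1 when no entry mentions it.
fixed_in() {
    awk -v id="$1" '
        /^\* /                     { rel = $NF; next }  # entry header
        rel != "" && index($0, id) { hit = rel }        # newest first: last hit is oldest
        END { if (hit == "") exit 1; print hit }
    '
}

# audit ID...: read a changelog on stdin and print one status line per ID.
# Returns 1 if any ID is absent from the changelog.
audit() {
    log=$(cat)
    missing=0
    for id in "$@"; do
        if rel=$(printf '%s\n' "$log" | fixed_in "$id"); then
            echo "$id patched in $rel"
        else
            echo "$id NOT in changelog"
            missing=1
        fi
    done
    return "$missing"
}

# Demo on the constructed sample: one ID present, one absent.
sample_changelog | audit CVE-0000-0001 CVE-0000-0003 || true
```

An ID missing from the changelog only means the packager did not record it there, so treat "NOT in changelog" as a prompt to check the vendor's advisory for that package rather than as proof the host is unpatched.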
