Is there a recommended update path for the CVE-2014-0224 vulnerability in OpenSSL? Unlike Heartbleed it looks like all OpenSSL versions are affected.
openssl security update, RHSA-2014:0625-1
Hi, just saw this security advisory
https://rhn.redhat.com/errata/RHSA-2014-0625.html
OpenSSL security advisory - Vulnerabilities - Web Hosting Talk
A yum update installs the new version, but do we need to recompile Apache if we've used EasyApache?
thanks
Hi, just saw this security advisory
https://rhn.redhat.com/errata/RHSA-2014-0625.html
OpenSSL security advisory - Vulnerabilities - Web Hosting Talk
A yum update installs the new version, but do we need to recompile Apache if we've used EasyApache?
thanks
Re: openssl security update, RHSA-2014:0625-1
I do not believe you need to run EA, someone please correct me if I'm wrong.
You do, however, need to restart any services using SSL. A lot of times just restarting the server is easier than restarting all the individual services.
I do not believe you need to run EA, someone please correct me if I'm wrong.
You do, however, need to restart any services using SSL. A lot of times just restarting the server is easier than restarting all the individual services.
Infopro
Well-Known Member
Infopro
Well-Known Member
I first did "yum clean all" then I did "yum update openssl" and here is the output:
Loaded plugins: fastestmirror
Determining fastest mirrors
epel/metalink | 12 kB 00:00
* epel: mirror.cogentco.com
base | 3.7 kB 00:00
base/primary_db | 3.5 MB 00:00
epel | 4.4 kB 00:00
epel/primary_db | 5.1 MB 00:00
extras | 3.4 kB 00:00
extras/primary_db | 18 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 2.9 MB 00:00
Setting up Update Process
No Packages marked for Update
Notice "No Packages marked for Update". I've tried it on two different CentOS servers, same thing. When I go to that actual mirror it is there:
Index of /pub/openssl
I don't understand what is going on, I'm not patached yet!
yum info openssl:
Version : 1.0.1e
Release : 16.el6_5.7
Why won't it download the new version?
Loaded plugins: fastestmirror
Determining fastest mirrors
epel/metalink | 12 kB 00:00
* epel: mirror.cogentco.com
base | 3.7 kB 00:00
base/primary_db | 3.5 MB 00:00
epel | 4.4 kB 00:00
epel/primary_db | 5.1 MB 00:00
extras | 3.4 kB 00:00
extras/primary_db | 18 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 2.9 MB 00:00
Setting up Update Process
No Packages marked for Update
Notice "No Packages marked for Update". I've tried it on two different CentOS servers, same thing. When I go to that actual mirror it is there:
Index of /pub/openssl
I don't understand what is going on, I'm not patached yet!
yum info openssl:
Version : 1.0.1e
Release : 16.el6_5.7
Why won't it download the new version?
Found this info:
/etc/yum.repos.d/CentOS-Base.repo
Comment out mirrorlist line and uncomment the baseurl line in each stanza.
Then run:
yum clean all
yum update openssl
Say YES to the prompt. You'll notice the updated version will not be 1.0.1h but a subversion of 1.0.1e, but it will be patched.
Now, reboot all of your services or just reboot your whole server to be sure.
Restore CentOS-Base.repo to its previous state.
/etc/yum.repos.d/CentOS-Base.repo
Comment out mirrorlist line and uncomment the baseurl line in each stanza.
Then run:
yum clean all
yum update openssl
Say YES to the prompt. You'll notice the updated version will not be 1.0.1h but a subversion of 1.0.1e, but it will be patched.
Now, reboot all of your services or just reboot your whole server to be sure.
Restore CentOS-Base.repo to its previous state.
Hello 
I just wanted to note that updates don't always change the version number. You can check to see if the patch has been backported after updating with a command such as:
Thank you.
I just wanted to note that updates don't always change the version number. You can check to see if the patch has been backported after updating with a command such as:
Code:
rpm -q --changelog openssl | grep CVE-2014-0224| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| S | The certificate chain failed OpenSSL’s verification | Security | 1 | |
| C | OpenSSL error: data too large for modulus | Security | 7 | |
| S | SOLVED Defect: OPENSSL_VERIFY | Security | 7 | |
| C | The certificate chain failed OpenSSL verification error | Security | 2 | |
| C | OpenSSL 1.1.1 with TLS 1.3 updates? | Security | 19 |