OpenSSL vulnerability CVE-2014-0224

quizknows

Re: openssl security update, RHSA-2014:0625-1

I do not believe you need to run EA; someone please correct me if I'm wrong.

You do, however, need to restart any services using SSL. A lot of times just restarting the server is easier than restarting all the individual services.
 

vikins

I first did "yum clean all" then I did "yum update openssl" and here is the output:

Loaded plugins: fastestmirror
Determining fastest mirrors
epel/metalink | 12 kB 00:00
* epel: mirror.cogentco.com
base | 3.7 kB 00:00
base/primary_db | 3.5 MB 00:00
epel | 4.4 kB 00:00
epel/primary_db | 5.1 MB 00:00
extras | 3.4 kB 00:00
extras/primary_db | 18 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 2.9 MB 00:00
Setting up Update Process
No Packages marked for Update


Notice "No Packages marked for Update". I've tried it on two different CentOS servers, same thing. When I go to that actual mirror it is there:

Index of /pub/openssl

I don't understand what is going on, I'm not patched yet!

yum info openssl:

Version : 1.0.1e
Release : 16.el6_5.7

Why won't it download the new version?
 

vikins

Found this info:

/etc/yum.repos.d/CentOS-Base.repo

Comment out mirrorlist line and uncomment the baseurl line in each stanza.

Then run:
yum clean all
yum update openssl

Say YES to the prompt. You'll notice the updated version will not be 1.0.1h but a subversion of 1.0.1e, but it will be patched.

Now, reboot all of your services or just reboot your whole server to be sure.

Restore CentOS-Base.repo to its previous state.
 

cPanelMichael

Administrator
Staff member
Hello :)

I just wanted to note that updates don't always change the version number. You can check to see if the patch has been backported after updating with a command such as:

Code:
rpm -q --changelog openssl | grep CVE-2014-0224
Thank you.
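
Added example, not part of any post in this thread: a shell sketch that combines the changelog check above with a way to find which running processes still map the old, now-deleted libssl/libcrypto and therefore still need the restart mentioned earlier. The function names are hypothetical, and the sample maps and changelog lines are constructed so the script runs offline.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Succeeds if the changelog text on stdin mentions the given CVE id.
# On a real host: rpm -q --changelog openssl | changelog_mentions CVE-2014-0224
changelog_mentions() {
    grep -qF -- "$1"
}

# Print the PIDs whose memory map still references a deleted libssl or
# libcrypto, i.e. processes started before the update that were not restarted.
# $1 = proc root (defaults to /proc; run as root to see every process).
stale_ssl_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # The kernel appends " (deleted)" when the mapped file was replaced.
        if grep -Eq 'lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# Demo on constructed data: PID 101 was started before the update,
# PID 202 was started after it.
demo=$(mktemp -d)
mkdir -p "$demo/101" "$demo/202"
echo '7f00-7f01 r-xp 00000000 fd:00 11 /usr/lib64/libssl.so.1.0.1e (deleted)' > "$demo/101/maps"
echo '7f00-7f01 r-xp 00000000 fd:00 12 /usr/lib64/libssl.so.1.0.1e' > "$demo/202/maps"
printf '%s\n' '- fix CVE-2014-0224 (constructed changelog line)' > "$demo/changelog"

if changelog_mentions CVE-2014-0224 < "$demo/changelog"; then
    echo "changelog lists the fix"
else
    echo "changelog does not list the fix"
fi
echo "PIDs still using the old library: $(stale_ssl_pids "$demo")"
rm -rf "$demo"
```

An empty PID list after restarting services means nothing is still running on the pre-update library.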