The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Upgrade OpenSSL/0.9.7a to 0.9.8

Discussion in 'General Discussion' started by wills, Sep 5, 2005.

  1. wills

    wills Well-Known Member

    Joined:
    Jan 29, 2003
    Messages:
    202
    Likes Received:
    1
    Trophy Points:
    18
    A customer of our ran a security scan (securitymetrics.com) and here is what he got:

    The remote host is using a version of OpenSSL which is older than 0.9.6m or 0.9.7d There are several bug in this version of OpenSSL which may allow an attacker to cause a denial of service against the remote host. The test server solely relied on the banner of the remote host to issue this warning Solution: Upgrade to version 0.9.6m (0.9.7d) or newer. Risk Factor: Medium CVE: CAN-2004-0079, CAN-2004-0081, CAN-2004-0112 BID: 9899

    I see that the server is running OpenSSL/0.9.7a. Is it safe to upgrade to the latest version with up2date?
     
  2. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    I don't remember the exact specific wording (Chirpy's good at explaining this one), however RedHat tends to backport security updates for compatibility and stability issues.

    My understanding of this is that RH patches older versions rather than presenting potential problems through introducing newer versions.

    Therefore if you keep your server regularly updated with yum or up2date, your OS should be installing the correctly secured bits and pieces and you shouldn't go installing newer versions unless you absolutely really definitely have to.

    0.9.7a, I believe, is fine.

    You might also want to search these forums for the keyword "backport" as that should find you some posts on this exact topic with a more coherent explanation.
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
  4. wills

    wills Well-Known Member

    Joined:
    Jan 29, 2003
    Messages:
    202
    Likes Received:
    1
    Trophy Points:
    18
    Thank you guys.
     
Loading...

Share This Page