Upgrading OpenSSL on RHEL5

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

Upgrading OpenSSL on RHEL5

Shruti Palshikar
Hello,

I am trying to upgrade my openSSL version on RHEL5. WHen I tried to update it using yum commad (it kept pausing with the messages - No packages marked for update) I found out that this was not installed from the source but was present along with RHEL in the /usr directory. Following are some helpful commands to give you an idea of the machine and openSSL I am using

1. yum search openSSL
Loaded plugins: downloadonly, replace, rhnplugin, security
 This system is receiving updates from RHN Classic or RHN Satellite.
 drivesrvr                                                                                                                                                                                       |    951 B     00:00
 rhel-raxmon                                                                                                                                                                                    |    951 B     00:00
 Excluding Packages from Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)
 Finished
================================================================================================== Matched: openssl ==================================================================================================
easy-rsa.noarch : Simple shell based CA utility
globus-gsi-openssl-error.i386 : Globus Toolkit - Globus OpenSSL Error Handling
globus-gsi-openssl-error.x86_64 : Globus Toolkit - Globus OpenSSL Error Handling
globus-gsi-openssl-error-devel.i386 : Globus Toolkit - Globus OpenSSL Error Handling        Development Files
globus-gsi-openssl-error-devel.x86_64 : Globus Toolkit - Globus OpenSSL Error Handling Development Files
globus-gsi-openssl-error-doc.x86_64 : Globus Toolkit - Globus OpenSSL Error Handling Documentation Files
globus-openssl-module.i386 : Globus Toolkit - Globus OpenSSL Module Wrapper
globus-openssl-module.x86_64 : Globus Toolkit - Globus OpenSSL Module Wrapper
globus-openssl-module-devel.i386 : Globus Toolkit - Globus OpenSSL Module Wrapper Development Files
globus-openssl-module-devel.x86_64 : Globus Toolkit - Globus OpenSSL Module Wrapper Development Files
globus-openssl-module-doc.x86_64 : Globus Toolkit - Globus OpenSSL Module Wrapper Documentation Files
globus-openssl-module-progs.x86_64 : Globus Toolkit - Globus OpenSSL Module Wrapper Programs
libssh.i386 : A library implementing the SSH2 protocol (0xbadc0de version)
 libssh.x86_64 : A library implementing the SSH2 protocol (0xbadc0de version)
 lua-sec.x86_64 : Lua binding for OpenSSL library
 m2crypto.x86_64 : Support for using OpenSSL in python scripts
 mingw32-openssl.noarch : MinGW port of the OpenSSL toolkit
 openscada-Transport-SSL.x86_64 : Open SCADA transports
 openssl.i686 : The OpenSSL toolkit
 openssl.x86_64 : The OpenSSL toolkit
 openssl-devel.i386 : Files for development of applications which will use OpenSSL
 openssl-devel.x86_64 : Files for development of applications which will use OpenSSL
 openssl-perl.x86_64 : Perl scripts provided with OpenSSL
 openssl097a.i386 : The OpenSSL toolkit
 openssl097a.x86_64 : The OpenSSL toolkit
 openvpn.x86_64 : A full-featured SSL VPN solution
 perl-Crypt-OpenSSL-AES.x86_64 : Perl interface to OpenSSL for AES
 perl-Crypt-OpenSSL-Bignum.x86_64 : Perl interface to OpenSSL for Bignum
 perl-Crypt-OpenSSL-DSA.x86_64 : Perl interface to OpenSSL for DSA
 perl-Crypt-OpenSSL-RSA.x86_64 : Perl interface to OpenSSL for RSA
 perl-Crypt-OpenSSL-Random.x86_64 : Perl interface to OpenSSL for Random
 perl-Crypt-OpenSSL-X509.x86_64 : Perl interface to OpenSSL for X509
 perl-Crypt-SMIME.x86_64 : S/MIME message signing, verification, encryption and  decryption
 perl-Crypt-SSLeay.x86_64 : Crypt::SSLeay - OpenSSL glue that provides LWP https support
 perl-Net-SSLeay.x86_64 : Perl extension for using OpenSSL
 pkcs11-helper.i386 : A library for using PKCS#11 providers
 pkcs11-helper.x86_64 : A library for using PKCS#11 providers
 pyOpenSSL.x86_64 : Python wrapper module around the OpenSSL library
 python-socksipychain.noarch : A Python SOCKS/HTTP Proxy module
 python26-m2crypto.x86_64 : Support for using OpenSSL in python 2.6 scripts
 tomcat-native.x86_64 : Tomcat native library
 tomcatjss.noarch : JSSE implementation using JSS for Tomcat
 xmlsec1.i386 : Library providing support for "XML Signature" and "XML Encryption"  standards
 xmlsec1.x86_64 : Library providing support for "XML Signature" and "XML Encryption" standards
 xmlsec1-openssl.i386 : OpenSSL crypto plugin for XML Security Library
 xmlsec1-openssl.x86_64 : OpenSSL crypto plugin for XML Security Library
 xmlsec1-openssl-devel.i386 : OpenSSL crypto plugin for XML Security Library
 xmlsec1-openssl-devel.x86_64 : OpenSSL crypto plugin for XML Security Library

2. yum info openssl-devel
Loaded plugins: downloadonly, replace, rhnplugin, security
This system is receiving updates from RHN Classic or RHN Satellite.
drivesrvr                                                                                                                                                                                      |      951 B     00:00
rh el-raxmon                                                                                                                                                                                    |      951 B     00:00
 Excluding Packages from Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)
 Finished
 Installed Packages
 Name       : openssl-devel
 Arch       : x86_64
 Version    : 0.9.8e
 Release    : 27.el5_10.1
 Size       : 5.1 M
 Repo       : installed
 Summary    : Files for development of applications which will use OpenSSL
 URL        : http://www.openssl.org/
 License    : BSDish
 Description: OpenSSL is a toolkit for supporting cryptography. The openssl-devel
            : package contains static libraries and include files needed to develop
            : applications which support various cryptographic algorithms and
            : protocols.

 Available Packages
 Name       : openssl-devel
 Arch       : i386
 Version    : 0.9.8e
 Release    : 27.el5_10.1
 Size       : 1.9 M
 Repo       : rhel-x86_64-server-5
 Summary    : Files for development of applications which will use OpenSSL
 License    : BSDish
 Description: OpenSSL is a toolkit for supporting cryptography. The openssl-devel
            : package contains static libraries and include files needed to develop
            : applications which support various cryptographic algorithms and
            : protocols.
How can I upgrade from 0.98e version to the latest one without using yum from  the source? Should I replace this installation?

--
Thanks,
Shruti Palshikar
617 784 8358
Solving foreign exchange problems 
for institutional money managers

Reply | Threaded
Open this post in threaded view
|

Re: Upgrading OpenSSL on RHEL5

Paul Vander Griend
Shruti,

 This is probably not the right list to ask that question but i'm
going to help you anyways.

  OpenSSL is a library and you can't simply upgrade it across your
entire RHEL installation. What you need is for the packages that you
have installed who have dependencies on OpenSSL to update their
packages to have a dependency on the newer version. I believe there is
a yum update or yum upgrade command which will attempt to update any
packages that are out of date. You are at the mercy of the package
owners and the RHEL repository folk.

-Paul


On Wed, Apr 23, 2014 at 10:50 AM, Shruti Palshikar <[hidden email]> wrote:

> Hello,
>
> I am trying to upgrade my openSSL version on RHEL5. WHen I tried to update
> it using yum commad (it kept pausing with the messages - No packages marked
> for update) I found out that this was not installed from the source but was
> present along with RHEL in the /usr directory. Following are some helpful
> commands to give you an idea of the machine and openSSL I am using
>
> 1. yum search openSSL
>
> Loaded plugins: downloadonly, replace, rhnplugin, security
>  This system is receiving updates from RHN Classic or RHN Satellite.
>  drivesrvr
> |    951 B     00:00
>  rhel-raxmon
> |    951 B     00:00
>  Excluding Packages from Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)
>  Finished
> ==================================================================================================
> Matched: openssl
> ==================================================================================================
> easy-rsa.noarch : Simple shell based CA utility
> globus-gsi-openssl-error.i386 : Globus Toolkit - Globus OpenSSL Error
> Handling
> globus-gsi-openssl-error.x86_64 : Globus Toolkit - Globus OpenSSL Error
> Handling
> globus-gsi-openssl-error-devel.i386 : Globus Toolkit - Globus OpenSSL Error
> Handling        Development Files
> globus-gsi-openssl-error-devel.x86_64 : Globus Toolkit - Globus OpenSSL
> Error Handling Development Files
> globus-gsi-openssl-error-doc.x86_64 : Globus Toolkit - Globus OpenSSL Error
> Handling Documentation Files
> globus-openssl-module.i386 : Globus Toolkit - Globus OpenSSL Module Wrapper
> globus-openssl-module.x86_64 : Globus Toolkit - Globus OpenSSL Module
> Wrapper
> globus-openssl-module-devel.i386 : Globus Toolkit - Globus OpenSSL Module
> Wrapper Development Files
> globus-openssl-module-devel.x86_64 : Globus Toolkit - Globus OpenSSL Module
> Wrapper Development Files
> globus-openssl-module-doc.x86_64 : Globus Toolkit - Globus OpenSSL Module
> Wrapper Documentation Files
> globus-openssl-module-progs.x86_64 : Globus Toolkit - Globus OpenSSL Module
> Wrapper Programs
> libssh.i386 : A library implementing the SSH2 protocol (0xbadc0de version)
>  libssh.x86_64 : A library implementing the SSH2 protocol (0xbadc0de
> version)
>  lua-sec.x86_64 : Lua binding for OpenSSL library
>  m2crypto.x86_64 : Support for using OpenSSL in python scripts
>  mingw32-openssl.noarch : MinGW port of the OpenSSL toolkit
>  openscada-Transport-SSL.x86_64 : Open SCADA transports
>  openssl.i686 : The OpenSSL toolkit
>  openssl.x86_64 : The OpenSSL toolkit
>  openssl-devel.i386 : Files for development of applications which will use
> OpenSSL
>  openssl-devel.x86_64 : Files for development of applications which will use
> OpenSSL
>  openssl-perl.x86_64 : Perl scripts provided with OpenSSL
>  openssl097a.i386 : The OpenSSL toolkit
>  openssl097a.x86_64 : The OpenSSL toolkit
>  openvpn.x86_64 : A full-featured SSL VPN solution
>  perl-Crypt-OpenSSL-AES.x86_64 : Perl interface to OpenSSL for AES
>  perl-Crypt-OpenSSL-Bignum.x86_64 : Perl interface to OpenSSL for Bignum
>  perl-Crypt-OpenSSL-DSA.x86_64 : Perl interface to OpenSSL for DSA
>  perl-Crypt-OpenSSL-RSA.x86_64 : Perl interface to OpenSSL for RSA
>  perl-Crypt-OpenSSL-Random.x86_64 : Perl interface to OpenSSL for Random
>  perl-Crypt-OpenSSL-X509.x86_64 : Perl interface to OpenSSL for X509
>  perl-Crypt-SMIME.x86_64 : S/MIME message signing, verification, encryption
> and  decryption
>  perl-Crypt-SSLeay.x86_64 : Crypt::SSLeay - OpenSSL glue that provides LWP
> https support
>  perl-Net-SSLeay.x86_64 : Perl extension for using OpenSSL
>  pkcs11-helper.i386 : A library for using PKCS#11 providers
>  pkcs11-helper.x86_64 : A library for using PKCS#11 providers
>  pyOpenSSL.x86_64 : Python wrapper module around the OpenSSL library
>  python-socksipychain.noarch : A Python SOCKS/HTTP Proxy module
>  python26-m2crypto.x86_64 : Support for using OpenSSL in python 2.6 scripts
>  tomcat-native.x86_64 : Tomcat native library
>  tomcatjss.noarch : JSSE implementation using JSS for Tomcat
>  xmlsec1.i386 : Library providing support for "XML Signature" and "XML
> Encryption"  standards
>  xmlsec1.x86_64 : Library providing support for "XML Signature" and "XML
> Encryption" standards
>  xmlsec1-openssl.i386 : OpenSSL crypto plugin for XML Security Library
>  xmlsec1-openssl.x86_64 : OpenSSL crypto plugin for XML Security Library
>  xmlsec1-openssl-devel.i386 : OpenSSL crypto plugin for XML Security Library
>  xmlsec1-openssl-devel.x86_64 : OpenSSL crypto plugin for XML Security
> Library
>
>
> 2. yum info openssl-devel
>
> Loaded plugins: downloadonly, replace, rhnplugin, security
> This system is receiving updates from RHN Classic or RHN Satellite.
> drivesrvr
> |      951 B     00:00
> rh el-raxmon
> |      951 B     00:00
>  Excluding Packages from Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)
>  Finished
>  Installed Packages
>  Name       : openssl-devel
>  Arch       : x86_64
>  Version    : 0.9.8e
>  Release    : 27.el5_10.1
>  Size       : 5.1 M
>  Repo       : installed
>  Summary    : Files for development of applications which will use OpenSSL
>  URL        : http://www.openssl.org/
>  License    : BSDish
>  Description: OpenSSL is a toolkit for supporting cryptography. The
> openssl-devel
>             : package contains static libraries and include files needed to
> develop
>             : applications which support various cryptographic algorithms
> and
>             : protocols.
>
>  Available Packages
>  Name       : openssl-devel
>  Arch       : i386
>  Version    : 0.9.8e
>  Release    : 27.el5_10.1
>  Size       : 1.9 M
>  Repo       : rhel-x86_64-server-5
>  Summary    : Files for development of applications which will use OpenSSL
>  License    : BSDish
>  Description: OpenSSL is a toolkit for supporting cryptography. The
> openssl-devel
>             : package contains static libraries and include files needed to
> develop
>             : applications which support various cryptographic algorithms
> and
>             : protocols.
>
> How can I upgrade from 0.98e version to the latest one without using yum
> from  the source? Should I replace this installation?
>
> --
> Thanks,
> Shruti Palshikar
> 617 784 8358
> BuysideFX
> Solving foreign exchange problems
> for institutional money managers
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Upgrading OpenSSL on RHEL5

Shruti Palshikar
Hi Paul,

I misunderstood the community for being a discussion thread for common issues faced.
Thank you for the help. The yum command does not run as expected


On Wed, Apr 23, 2014 at 4:02 PM, Paul Vander Griend <[hidden email]> wrote:
Shruti,

 This is probably not the right list to ask that question but i'm
going to help you anyways.

  OpenSSL is a library and you can't simply upgrade it across your
entire RHEL installation. What you need is for the packages that you
have installed who have dependencies on OpenSSL to update their
packages to have a dependency on the newer version. I believe there is
a yum update or yum upgrade command which will attempt to update any
packages that are out of date. You are at the mercy of the package
owners and the RHEL repository folk.

-Paul


On Wed, Apr 23, 2014 at 10:50 AM, Shruti Palshikar <[hidden email]> wrote:
> Hello,
>
> I am trying to upgrade my openSSL version on RHEL5. WHen I tried to update
> it using yum commad (it kept pausing with the messages - No packages marked
> for update) I found out that this was not installed from the source but was
> present along with RHEL in the /usr directory. Following are some helpful
> commands to give you an idea of the machine and openSSL I am using
>
> 1. yum search openSSL
>
> Loaded plugins: downloadonly, replace, rhnplugin, security
>  This system is receiving updates from RHN Classic or RHN Satellite.
>  drivesrvr
> |    951 B     00:00
>  rhel-raxmon
> |    951 B     00:00
>  Excluding Packages from Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)
>  Finished
> ==================================================================================================
> Matched: openssl
> ==================================================================================================
> easy-rsa.noarch : Simple shell based CA utility
> globus-gsi-openssl-error.i386 : Globus Toolkit - Globus OpenSSL Error
> Handling
> globus-gsi-openssl-error.x86_64 : Globus Toolkit - Globus OpenSSL Error
> Handling
> globus-gsi-openssl-error-devel.i386 : Globus Toolkit - Globus OpenSSL Error
> Handling        Development Files
> globus-gsi-openssl-error-devel.x86_64 : Globus Toolkit - Globus OpenSSL
> Error Handling Development Files
> globus-gsi-openssl-error-doc.x86_64 : Globus Toolkit - Globus OpenSSL Error
> Handling Documentation Files
> globus-openssl-module.i386 : Globus Toolkit - Globus OpenSSL Module Wrapper
> globus-openssl-module.x86_64 : Globus Toolkit - Globus OpenSSL Module
> Wrapper
> globus-openssl-module-devel.i386 : Globus Toolkit - Globus OpenSSL Module
> Wrapper Development Files
> globus-openssl-module-devel.x86_64 : Globus Toolkit - Globus OpenSSL Module
> Wrapper Development Files
> globus-openssl-module-doc.x86_64 : Globus Toolkit - Globus OpenSSL Module
> Wrapper Documentation Files
> globus-openssl-module-progs.x86_64 : Globus Toolkit - Globus OpenSSL Module
> Wrapper Programs
> libssh.i386 : A library implementing the SSH2 protocol (0xbadc0de version)
>  libssh.x86_64 : A library implementing the SSH2 protocol (0xbadc0de
> version)
>  lua-sec.x86_64 : Lua binding for OpenSSL library
>  m2crypto.x86_64 : Support for using OpenSSL in python scripts
>  mingw32-openssl.noarch : MinGW port of the OpenSSL toolkit
>  openscada-Transport-SSL.x86_64 : Open SCADA transports
>  openssl.i686 : The OpenSSL toolkit
>  openssl.x86_64 : The OpenSSL toolkit
>  openssl-devel.i386 : Files for development of applications which will use
> OpenSSL
>  openssl-devel.x86_64 : Files for development of applications which will use
> OpenSSL
>  openssl-perl.x86_64 : Perl scripts provided with OpenSSL
>  openssl097a.i386 : The OpenSSL toolkit
>  openssl097a.x86_64 : The OpenSSL toolkit
>  openvpn.x86_64 : A full-featured SSL VPN solution
>  perl-Crypt-OpenSSL-AES.x86_64 : Perl interface to OpenSSL for AES
>  perl-Crypt-OpenSSL-Bignum.x86_64 : Perl interface to OpenSSL for Bignum
>  perl-Crypt-OpenSSL-DSA.x86_64 : Perl interface to OpenSSL for DSA
>  perl-Crypt-OpenSSL-RSA.x86_64 : Perl interface to OpenSSL for RSA
>  perl-Crypt-OpenSSL-Random.x86_64 : Perl interface to OpenSSL for Random
>  perl-Crypt-OpenSSL-X509.x86_64 : Perl interface to OpenSSL for X509
>  perl-Crypt-SMIME.x86_64 : S/MIME message signing, verification, encryption
> and  decryption
>  perl-Crypt-SSLeay.x86_64 : Crypt::SSLeay - OpenSSL glue that provides LWP
> https support
>  perl-Net-SSLeay.x86_64 : Perl extension for using OpenSSL
>  pkcs11-helper.i386 : A library for using PKCS#11 providers
>  pkcs11-helper.x86_64 : A library for using PKCS#11 providers
>  pyOpenSSL.x86_64 : Python wrapper module around the OpenSSL library
>  python-socksipychain.noarch : A Python SOCKS/HTTP Proxy module
>  python26-m2crypto.x86_64 : Support for using OpenSSL in python 2.6 scripts
>  tomcat-native.x86_64 : Tomcat native library
>  tomcatjss.noarch : JSSE implementation using JSS for Tomcat
>  xmlsec1.i386 : Library providing support for "XML Signature" and "XML
> Encryption"  standards
>  xmlsec1.x86_64 : Library providing support for "XML Signature" and "XML
> Encryption" standards
>  xmlsec1-openssl.i386 : OpenSSL crypto plugin for XML Security Library
>  xmlsec1-openssl.x86_64 : OpenSSL crypto plugin for XML Security Library
>  xmlsec1-openssl-devel.i386 : OpenSSL crypto plugin for XML Security Library
>  xmlsec1-openssl-devel.x86_64 : OpenSSL crypto plugin for XML Security
> Library
>
>
> 2. yum info openssl-devel
>
> Loaded plugins: downloadonly, replace, rhnplugin, security
> This system is receiving updates from RHN Classic or RHN Satellite.
> drivesrvr
> |      951 B     00:00
> rh el-raxmon
> |      951 B     00:00
>  Excluding Packages from Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)
>  Finished
>  Installed Packages
>  Name       : openssl-devel
>  Arch       : x86_64
>  Version    : 0.9.8e
>  Release    : 27.el5_10.1
>  Size       : 5.1 M
>  Repo       : installed
>  Summary    : Files for development of applications which will use OpenSSL
>  URL        : http://www.openssl.org/
>  License    : BSDish
>  Description: OpenSSL is a toolkit for supporting cryptography. The
> openssl-devel
>             : package contains static libraries and include files needed to
> develop
>             : applications which support various cryptographic algorithms
> and
>             : protocols.
>
>  Available Packages
>  Name       : openssl-devel
>  Arch       : i386
>  Version    : 0.9.8e
>  Release    : 27.el5_10.1
>  Size       : 1.9 M
>  Repo       : rhel-x86_64-server-5
>  Summary    : Files for development of applications which will use OpenSSL
>  License    : BSDish
>  Description: OpenSSL is a toolkit for supporting cryptography. The
> openssl-devel
>             : package contains static libraries and include files needed to
> develop
>             : applications which support various cryptographic algorithms
> and
>             : protocols.
>
> How can I upgrade from 0.98e version to the latest one without using yum
> from  the source? Should I replace this installation?
>
> --
> Thanks,
> Shruti Palshikar
> 617 784 8358
> BuysideFX
> Solving foreign exchange problems
> for institutional money managers
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]



--
Thanks,
Shruti Palshikar
617 784 8358
Solving foreign exchange problems 
for institutional money managers

Reply | Threaded
Open this post in threaded view
|

Re: Upgrading OpenSSL on RHEL5

Paul Vander Griend
Shruti,

  No worries. The command should be "yum update all". Again, this does
not guarantee that there are not packages that depend on an older
version of openssl. For more questions related to this topic you
should try an RHEL or Fedora forum.

Good luck.

-Paul

On Wed, Apr 23, 2014 at 3:18 PM, Shruti Palshikar <[hidden email]> wrote:

> Hi Paul,
>
> I misunderstood the community for being a discussion thread for common
> issues faced.
> Thank you for the help. The yum command does not run as expected
>
>
> On Wed, Apr 23, 2014 at 4:02 PM, Paul Vander Griend
> <[hidden email]> wrote:
>>
>> Shruti,
>>
>>  This is probably not the right list to ask that question but i'm
>> going to help you anyways.
>>
>>   OpenSSL is a library and you can't simply upgrade it across your
>> entire RHEL installation. What you need is for the packages that you
>> have installed who have dependencies on OpenSSL to update their
>> packages to have a dependency on the newer version. I believe there is
>> a yum update or yum upgrade command which will attempt to update any
>> packages that are out of date. You are at the mercy of the package
>> owners and the RHEL repository folk.
>>
>> -Paul
>>
>>
>> On Wed, Apr 23, 2014 at 10:50 AM, Shruti Palshikar <[hidden email]>
>> wrote:
>> > Hello,
>> >
>> > I am trying to upgrade my openSSL version on RHEL5. WHen I tried to
>> > update
>> > it using yum commad (it kept pausing with the messages - No packages
>> > marked
>> > for update) I found out that this was not installed from the source but
>> > was
>> > present along with RHEL in the /usr directory. Following are some
>> > helpful
>> > commands to give you an idea of the machine and openSSL I am using
>> >
>> > 1. yum search openSSL
>> >
>> > Loaded plugins: downloadonly, replace, rhnplugin, security
>> >  This system is receiving updates from RHN Classic or RHN Satellite.
>> >  drivesrvr
>> > |    951 B     00:00
>> >  rhel-raxmon
>> > |    951 B     00:00
>> >  Excluding Packages from Red Hat Enterprise Linux (v. 5 for 64-bit
>> > x86_64)
>> >  Finished
>> >
>> > ==================================================================================================
>> > Matched: openssl
>> >
>> > ==================================================================================================
>> > easy-rsa.noarch : Simple shell based CA utility
>> > globus-gsi-openssl-error.i386 : Globus Toolkit - Globus OpenSSL Error
>> > Handling
>> > globus-gsi-openssl-error.x86_64 : Globus Toolkit - Globus OpenSSL Error
>> > Handling
>> > globus-gsi-openssl-error-devel.i386 : Globus Toolkit - Globus OpenSSL
>> > Error
>> > Handling        Development Files
>> > globus-gsi-openssl-error-devel.x86_64 : Globus Toolkit - Globus OpenSSL
>> > Error Handling Development Files
>> > globus-gsi-openssl-error-doc.x86_64 : Globus Toolkit - Globus OpenSSL
>> > Error
>> > Handling Documentation Files
>> > globus-openssl-module.i386 : Globus Toolkit - Globus OpenSSL Module
>> > Wrapper
>> > globus-openssl-module.x86_64 : Globus Toolkit - Globus OpenSSL Module
>> > Wrapper
>> > globus-openssl-module-devel.i386 : Globus Toolkit - Globus OpenSSL
>> > Module
>> > Wrapper Development Files
>> > globus-openssl-module-devel.x86_64 : Globus Toolkit - Globus OpenSSL
>> > Module
>> > Wrapper Development Files
>> > globus-openssl-module-doc.x86_64 : Globus Toolkit - Globus OpenSSL
>> > Module
>> > Wrapper Documentation Files
>> > globus-openssl-module-progs.x86_64 : Globus Toolkit - Globus OpenSSL
>> > Module
>> > Wrapper Programs
>> > libssh.i386 : A library implementing the SSH2 protocol (0xbadc0de
>> > version)
>> >  libssh.x86_64 : A library implementing the SSH2 protocol (0xbadc0de
>> > version)
>> >  lua-sec.x86_64 : Lua binding for OpenSSL library
>> >  m2crypto.x86_64 : Support for using OpenSSL in python scripts
>> >  mingw32-openssl.noarch : MinGW port of the OpenSSL toolkit
>> >  openscada-Transport-SSL.x86_64 : Open SCADA transports
>> >  openssl.i686 : The OpenSSL toolkit
>> >  openssl.x86_64 : The OpenSSL toolkit
>> >  openssl-devel.i386 : Files for development of applications which will
>> > use
>> > OpenSSL
>> >  openssl-devel.x86_64 : Files for development of applications which will
>> > use
>> > OpenSSL
>> >  openssl-perl.x86_64 : Perl scripts provided with OpenSSL
>> >  openssl097a.i386 : The OpenSSL toolkit
>> >  openssl097a.x86_64 : The OpenSSL toolkit
>> >  openvpn.x86_64 : A full-featured SSL VPN solution
>> >  perl-Crypt-OpenSSL-AES.x86_64 : Perl interface to OpenSSL for AES
>> >  perl-Crypt-OpenSSL-Bignum.x86_64 : Perl interface to OpenSSL for Bignum
>> >  perl-Crypt-OpenSSL-DSA.x86_64 : Perl interface to OpenSSL for DSA
>> >  perl-Crypt-OpenSSL-RSA.x86_64 : Perl interface to OpenSSL for RSA
>> >  perl-Crypt-OpenSSL-Random.x86_64 : Perl interface to OpenSSL for Random
>> >  perl-Crypt-OpenSSL-X509.x86_64 : Perl interface to OpenSSL for X509
>> >  perl-Crypt-SMIME.x86_64 : S/MIME message signing, verification,
>> > encryption
>> > and  decryption
>> >  perl-Crypt-SSLeay.x86_64 : Crypt::SSLeay - OpenSSL glue that provides
>> > LWP
>> > https support
>> >  perl-Net-SSLeay.x86_64 : Perl extension for using OpenSSL
>> >  pkcs11-helper.i386 : A library for using PKCS#11 providers
>> >  pkcs11-helper.x86_64 : A library for using PKCS#11 providers
>> >  pyOpenSSL.x86_64 : Python wrapper module around the OpenSSL library
>> >  python-socksipychain.noarch : A Python SOCKS/HTTP Proxy module
>> >  python26-m2crypto.x86_64 : Support for using OpenSSL in python 2.6
>> > scripts
>> >  tomcat-native.x86_64 : Tomcat native library
>> >  tomcatjss.noarch : JSSE implementation using JSS for Tomcat
>> >  xmlsec1.i386 : Library providing support for "XML Signature" and "XML
>> > Encryption"  standards
>> >  xmlsec1.x86_64 : Library providing support for "XML Signature" and "XML
>> > Encryption" standards
>> >  xmlsec1-openssl.i386 : OpenSSL crypto plugin for XML Security Library
>> >  xmlsec1-openssl.x86_64 : OpenSSL crypto plugin for XML Security Library
>> >  xmlsec1-openssl-devel.i386 : OpenSSL crypto plugin for XML Security
>> > Library
>> >  xmlsec1-openssl-devel.x86_64 : OpenSSL crypto plugin for XML Security
>> > Library
>> >
>> >
>> > 2. yum info openssl-devel
>> >
>> > Loaded plugins: downloadonly, replace, rhnplugin, security
>> > This system is receiving updates from RHN Classic or RHN Satellite.
>> > drivesrvr
>> > |      951 B     00:00
>> > rh el-raxmon
>> > |      951 B     00:00
>> >  Excluding Packages from Red Hat Enterprise Linux (v. 5 for 64-bit
>> > x86_64)
>> >  Finished
>> >  Installed Packages
>> >  Name       : openssl-devel
>> >  Arch       : x86_64
>> >  Version    : 0.9.8e
>> >  Release    : 27.el5_10.1
>> >  Size       : 5.1 M
>> >  Repo       : installed
>> >  Summary    : Files for development of applications which will use
>> > OpenSSL
>> >  URL        : http://www.openssl.org/
>> >  License    : BSDish
>> >  Description: OpenSSL is a toolkit for supporting cryptography. The
>> > openssl-devel
>> >             : package contains static libraries and include files needed
>> > to
>> > develop
>> >             : applications which support various cryptographic
>> > algorithms
>> > and
>> >             : protocols.
>> >
>> >  Available Packages
>> >  Name       : openssl-devel
>> >  Arch       : i386
>> >  Version    : 0.9.8e
>> >  Release    : 27.el5_10.1
>> >  Size       : 1.9 M
>> >  Repo       : rhel-x86_64-server-5
>> >  Summary    : Files for development of applications which will use
>> > OpenSSL
>> >  License    : BSDish
>> >  Description: OpenSSL is a toolkit for supporting cryptography. The
>> > openssl-devel
>> >             : package contains static libraries and include files needed
>> > to
>> > develop
>> >             : applications which support various cryptographic
>> > algorithms
>> > and
>> >             : protocols.
>> >
>> > How can I upgrade from 0.98e version to the latest one without using yum
>> > from  the source? Should I replace this installation?
>> >
>> > --
>> > Thanks,
>> > Shruti Palshikar
>> > 617 784 8358
>> > BuysideFX
>> > Solving foreign exchange problems
>> > for institutional money managers
>> >
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> Development Mailing List                       [hidden email]
>> Automated List Manager                           [hidden email]
>
>
>
>
> --
> Thanks,
> Shruti Palshikar
> 617 784 8358
> BuysideFX
> Solving foreign exchange problems
> for institutional money managers
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Upgrading OpenSSL on RHEL5

Peter Waltenberg
I stumbled across this a few days ago. Which will at least tell you if the
OS openssl package was patched on RedHat based systems.

rpm -q --changelog openssl

or to save time

rpm -q --changelog openssl | grep CVE


Peter



From: Paul Vander Griend <[hidden email]>
To: [hidden email]
Date: 24/04/2014 06:37 AM
Subject: Re: Upgrading OpenSSL on RHEL5
Sent by: [hidden email]



Shruti,

  No worries. The command should be "yum update all". Again, this does
not guarantee that there are not packages that depend on an older
version of openssl. For more questions related to this topic you
should try an RHEL or Fedora forum.

Good luck.

-Paul

On Wed, Apr 23, 2014 at 3:18 PM, Shruti Palshikar <[hidden email]>
wrote:

> Hi Paul,
>
> I misunderstood the community for being a discussion thread for common
> issues faced.
> Thank you for the help. The yum command does not run as expected
>
>
> On Wed, Apr 23, 2014 at 4:02 PM, Paul Vander Griend
> <[hidden email]> wrote:
>>
>> Shruti,
>>
>>  This is probably not the right list to ask that question but i'm
>> going to help you anyways.
>>
>>   OpenSSL is a library and you can't simply upgrade it across your
>> entire RHEL installation. What you need is for the packages that you
>> have installed who have dependencies on OpenSSL to update their
>> packages to have a dependency on the newer version. I believe there is
>> a yum update or yum upgrade command which will attempt to update any
>> packages that are out of date. You are at the mercy of the package
>> owners and the RHEL repository folk.
>>
>> -Paul
>>
>>
>> On Wed, Apr 23, 2014 at 10:50 AM, Shruti Palshikar
<[hidden email]>
>> wrote:
>> > Hello,
>> >
>> > I am trying to upgrade my openSSL version on RHEL5. WHen I tried to
>> > update
>> > it using yum commad (it kept pausing with the messages - No packages
>> > marked
>> > for update) I found out that this was not installed from the source
but

>> > was
>> > present along with RHEL in the /usr directory. Following are some
>> > helpful
>> > commands to give you an idea of the machine and openSSL I am using
>> >
>> > 1. yum search openSSL
>> >
>> > Loaded plugins: downloadonly, replace, rhnplugin, security
>> >  This system is receiving updates from RHN Classic or RHN Satellite.
>> >  drivesrvr
>> > |    951 B     00:00
>> >  rhel-raxmon
>> > |    951 B     00:00
>> >  Excluding Packages from Red Hat Enterprise Linux (v. 5 for 64-bit
>> > x86_64)
>> >  Finished
>> >
>> >
==================================================================================================

>> > Matched: openssl
>> >
>> >
==================================================================================================

>> > easy-rsa.noarch : Simple shell based CA utility
>> > globus-gsi-openssl-error.i386 : Globus Toolkit - Globus OpenSSL Error
>> > Handling
>> > globus-gsi-openssl-error.x86_64 : Globus Toolkit - Globus OpenSSL
Error
>> > Handling
>> > globus-gsi-openssl-error-devel.i386 : Globus Toolkit - Globus OpenSSL
>> > Error
>> > Handling        Development Files
>> > globus-gsi-openssl-error-devel.x86_64 : Globus Toolkit - Globus
OpenSSL

>> > Error Handling Development Files
>> > globus-gsi-openssl-error-doc.x86_64 : Globus Toolkit - Globus OpenSSL
>> > Error
>> > Handling Documentation Files
>> > globus-openssl-module.i386 : Globus Toolkit - Globus OpenSSL Module
>> > Wrapper
>> > globus-openssl-module.x86_64 : Globus Toolkit - Globus OpenSSL Module
>> > Wrapper
>> > globus-openssl-module-devel.i386 : Globus Toolkit - Globus OpenSSL
>> > Module
>> > Wrapper Development Files
>> > globus-openssl-module-devel.x86_64 : Globus Toolkit - Globus OpenSSL
>> > Module
>> > Wrapper Development Files
>> > globus-openssl-module-doc.x86_64 : Globus Toolkit - Globus OpenSSL
>> > Module
>> > Wrapper Documentation Files
>> > globus-openssl-module-progs.x86_64 : Globus Toolkit - Globus OpenSSL
>> > Module
>> > Wrapper Programs
>> > libssh.i386 : A library implementing the SSH2 protocol (0xbadc0de
>> > version)
>> >  libssh.x86_64 : A library implementing the SSH2 protocol (0xbadc0de
>> > version)
>> >  lua-sec.x86_64 : Lua binding for OpenSSL library
>> >  m2crypto.x86_64 : Support for using OpenSSL in python scripts
>> >  mingw32-openssl.noarch : MinGW port of the OpenSSL toolkit
>> >  openscada-Transport-SSL.x86_64 : Open SCADA transports
>> >  openssl.i686 : The OpenSSL toolkit
>> >  openssl.x86_64 : The OpenSSL toolkit
>> >  openssl-devel.i386 : Files for development of applications which will
>> > use
>> > OpenSSL
>> >  openssl-devel.x86_64 : Files for development of applications which
will
>> > use
>> > OpenSSL
>> >  openssl-perl.x86_64 : Perl scripts provided with OpenSSL
>> >  openssl097a.i386 : The OpenSSL toolkit
>> >  openssl097a.x86_64 : The OpenSSL toolkit
>> >  openvpn.x86_64 : A full-featured SSL VPN solution
>> >  perl-Crypt-OpenSSL-AES.x86_64 : Perl interface to OpenSSL for AES
>> >  perl-Crypt-OpenSSL-Bignum.x86_64 : Perl interface to OpenSSL for
Bignum
>> >  perl-Crypt-OpenSSL-DSA.x86_64 : Perl interface to OpenSSL for DSA
>> >  perl-Crypt-OpenSSL-RSA.x86_64 : Perl interface to OpenSSL for RSA
>> >  perl-Crypt-OpenSSL-Random.x86_64 : Perl interface to OpenSSL for
Random

>> >  perl-Crypt-OpenSSL-X509.x86_64 : Perl interface to OpenSSL for X509
>> >  perl-Crypt-SMIME.x86_64 : S/MIME message signing, verification,
>> > encryption
>> > and  decryption
>> >  perl-Crypt-SSLeay.x86_64 : Crypt::SSLeay - OpenSSL glue that provides
>> > LWP
>> > https support
>> >  perl-Net-SSLeay.x86_64 : Perl extension for using OpenSSL
>> >  pkcs11-helper.i386 : A library for using PKCS#11 providers
>> >  pkcs11-helper.x86_64 : A library for using PKCS#11 providers
>> >  pyOpenSSL.x86_64 : Python wrapper module around the OpenSSL library
>> >  python-socksipychain.noarch : A Python SOCKS/HTTP Proxy module
>> >  python26-m2crypto.x86_64 : Support for using OpenSSL in python 2.6
>> > scripts
>> >  tomcat-native.x86_64 : Tomcat native library
>> >  tomcatjss.noarch : JSSE implementation using JSS for Tomcat
>> >  xmlsec1.i386 : Library providing support for "XML Signature" and "XML
>> > Encryption"  standards
>> >  xmlsec1.x86_64 : Library providing support for "XML Signature" and
"XML
>> > Encryption" standards
>> >  xmlsec1-openssl.i386 : OpenSSL crypto plugin for XML Security Library
>> >  xmlsec1-openssl.x86_64 : OpenSSL crypto plugin for XML Security
Library

>> >  xmlsec1-openssl-devel.i386 : OpenSSL crypto plugin for XML Security
>> > Library
>> >  xmlsec1-openssl-devel.x86_64 : OpenSSL crypto plugin for XML Security
>> > Library
>> >
>> >
>> > 2. yum info openssl-devel
>> >
>> > Loaded plugins: downloadonly, replace, rhnplugin, security
>> > This system is receiving updates from RHN Classic or RHN Satellite.
>> > drivesrvr
>> > |      951 B     00:00
>> > rh el-raxmon
>> > |      951 B     00:00
>> >  Excluding Packages from Red Hat Enterprise Linux (v. 5 for 64-bit
>> > x86_64)
>> >  Finished
>> >  Installed Packages
>> >  Name       : openssl-devel
>> >  Arch       : x86_64
>> >  Version    : 0.9.8e
>> >  Release    : 27.el5_10.1
>> >  Size       : 5.1 M
>> >  Repo       : installed
>> >  Summary    : Files for development of applications which will use
>> > OpenSSL
>> >  URL        : http://www.openssl.org/
>> >  License    : BSDish
>> >  Description: OpenSSL is a toolkit for supporting cryptography. The
>> > openssl-devel
>> >             : package contains static libraries and include files
needed

>> > to
>> > develop
>> >             : applications which support various cryptographic
>> > algorithms
>> > and
>> >             : protocols.
>> >
>> >  Available Packages
>> >  Name       : openssl-devel
>> >  Arch       : i386
>> >  Version    : 0.9.8e
>> >  Release    : 27.el5_10.1
>> >  Size       : 1.9 M
>> >  Repo       : rhel-x86_64-server-5
>> >  Summary    : Files for development of applications which will use
>> > OpenSSL
>> >  License    : BSDish
>> >  Description: OpenSSL is a toolkit for supporting cryptography. The
>> > openssl-devel
>> >             : package contains static libraries and include files
needed
>> > to
>> > develop
>> >             : applications which support various cryptographic
>> > algorithms
>> > and
>> >             : protocols.
>> >
>> > How can I upgrade from 0.98e version to the latest one without using
yum

>> > from  the source? Should I replace this installation?
>> >
>> > --
>> > Thanks,
>> > Shruti Palshikar
>> > 617 784 8358
>> > BuysideFX
>> > Solving foreign exchange problems
>> > for institutional money managers
>> >
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> Development Mailing List                       [hidden email]
>> Automated List Manager                           [hidden email]
>
>
>
>
> --
> Thanks,
> Shruti Palshikar
> 617 784 8358
> BuysideFX
> Solving foreign exchange problems
> for institutional money managers
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Upgrading OpenSSL on RHEL5

Jan Just Keijser-2
On 24/04/14 01:46, Peter Waltenberg wrote:
> rpm -q --changelog openssl | grep CVE
AFAIU RedHat backports CVE's to the version of openssl included in RHEL5
(0.9.8e)
FWIW: this is the changelog from a Scientific Linux 5 box:

rpm -q --changelog openssl | grep CVE
- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)
- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)
   environment variable is set (fixes CVE-2012-4929 #857051)
- fix for CVE-2012-2333 - improper checking for record length in DTLS
(#820686)
- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)
- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)
- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers
(#802489)
- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery
- fix for CVE-2011-4109 - double free in policy checks (#771771)
- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)
- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)
- fix CVE-2010-4180 - completely disable code for
- fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924)
- fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which
- fix CVE-2009-3555 - support the safe renegotiation extension and
- fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197)
- fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data()
- fix CVE-2009-1386 CVE-2009-1387 (DTLS DoS problems)
- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379
- fix CVE-2009-0590 - reject incorrectly encoded ASN.1 strings (#492304)
- fix CVE-2008-5077 - incorrect checks for malformed signatures (#476671)
- fix CVE-2007-3108 - side channel attack on private keys (#250581)
- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309881)
- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321221)
- CVE-2006-2940 fix was incorrect (#208744)
- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)
- fix CVE-2006-2940 - parasitic public keys DoS (#207274)
- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)
- fix CVE-2006-4343 - sslv2 client DoS (#206940)
- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)
- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)
- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)
   environment variable is set (fixes CVE-2012-4929 #857051)
- fix for CVE-2012-2333 - improper checking for record length in DTLS
(#820686)
- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)
- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)
- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers
(#802489)
- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery
- fix for CVE-2011-4109 - double free in policy checks (#771771)
- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)
- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)
- fix CVE-2010-4180 - completely disable code for
- fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924)
- fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which
- fix CVE-2009-3555 - support the safe renegotiation extension and
- fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197)
- fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data()
- fix CVE-2009-1386 CVE-2009-1387 (DTLS DoS problems)
- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379
- fix CVE-2009-0590 - reject incorrectly encoded ASN.1 strings (#492304)
- fix CVE-2008-5077 - incorrect checks for malformed signatures (#476671)
- fix CVE-2007-3108 - side channel attack on private keys (#250581)
- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309881)
- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321221)
- CVE-2006-2940 fix was incorrect (#208744)
- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)
- fix CVE-2006-2940 - parasitic public keys DoS (#207274)
- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)
- fix CVE-2006-4343 - sslv2 client DoS (#206940)
- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)


it will be very hard to upgrade to a newer version of openssl (1.0? I'd
say forget it) , as many packages depend on either openssl, libssl.so.6
and or libcrypto.so.6 (don't ask me where the 6 came from). The best you
could achieve is to download the latest 0.9.8 release, build an RPM for
that based on the RHEL5 spec file and try to upgrade your openssl
library that way.

HTH,

JJK

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Upgrading OpenSSL on RHEL5

Hubert Kario
In reply to this post by Shruti Palshikar
----- Original Message -----

> From: "Shruti Palshikar" <[hidden email]>
> To: [hidden email]
> Sent: Wednesday, 23 April, 2014 5:50:45 PM
> Subject: Upgrading OpenSSL on RHEL5

> Hello,

> I am trying to upgrade my openSSL version on RHEL5. WHen I tried to update it
> using yum commad (it kept pausing with the messages - No packages marked for
> update) I found out that this was not installed from the source but was
> present along with RHEL in the /usr directory. Following are some helpful
> commands to give you an idea of the machine and openSSL I am using

OpenSSL version shipped in RHEL 5 is the newest version that's compatible with
other applications and tools shipped in this RHEL version. It does have all
the important bug fixes and security fixes backported (if you think it is
missing something, please contact us through Customer Portal).

If you want to have a newer openssl version (e.g. to have support for AES-GCM or
TLS1.2), you will have to upgrade to newer RHEL release (6.5).

If you need only a single application to support newer cryptography, you
shouldn't replace the system version of openssl with version 1.0.x or
you will most likely break your install.

--
Regards,
Hubert Kario
BaseOS QE Security team
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Upgrading OpenSSL on RHEL5

Shruti Palshikar
Thanks everyone for the help, does anybody know if RHEL5 with version 0.98e of openssl has a fix for TLS/SSL renegotiation vulnerability?


On Thu, Apr 24, 2014 at 7:40 AM, Hubert Kario <[hidden email]> wrote:
----- Original Message -----

> From: "Shruti Palshikar" <[hidden email]>
> To: [hidden email]
> Sent: Wednesday, 23 April, 2014 5:50:45 PM
> Subject: Upgrading OpenSSL on RHEL5

> Hello,

> I am trying to upgrade my openSSL version on RHEL5. WHen I tried to update it
> using yum commad (it kept pausing with the messages - No packages marked for
> update) I found out that this was not installed from the source but was
> present along with RHEL in the /usr directory. Following are some helpful
> commands to give you an idea of the machine and openSSL I am using

OpenSSL version shipped in RHEL 5 is the newest version that's compatible with
other applications and tools shipped in this RHEL version. It does have all
the important bug fixes and security fixes backported (if you think it is
missing something, please contact us through Customer Portal).

If you want to have a newer openssl version (e.g. to have support for AES-GCM or
TLS1.2), you will have to upgrade to newer RHEL release (6.5).

If you need only a single application to support newer cryptography, you
shouldn't replace the system version of openssl with version 1.0.x or
you will most likely break your install.

--
Regards,
Hubert Kario
BaseOS QE Security team
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]



--
Thanks,
Shruti Palshikar
617 784 8358
Solving foreign exchange problems 
for institutional money managers

Reply | Threaded
Open this post in threaded view
|

Re: Upgrading OpenSSL on RHEL5

LOKESH JANGIR
Hi Shruti,

As per openssl, version 0.98e is not infected with hearbleed issue. You can check on below link. 

Regards,
Lokesh Jangir


On Thu, Apr 24, 2014 at 6:47 PM, Shruti Palshikar <[hidden email]> wrote:
Thanks everyone for the help, does anybody know if RHEL5 with version 0.98e of openssl has a fix for TLS/SSL renegotiation vulnerability?


On Thu, Apr 24, 2014 at 7:40 AM, Hubert Kario <[hidden email]> wrote:
----- Original Message -----

> From: "Shruti Palshikar" <[hidden email]>
> To: [hidden email]
> Sent: Wednesday, 23 April, 2014 5:50:45 PM
> Subject: Upgrading OpenSSL on RHEL5

> Hello,

> I am trying to upgrade my openSSL version on RHEL5. WHen I tried to update it
> using yum commad (it kept pausing with the messages - No packages marked for
> update) I found out that this was not installed from the source but was
> present along with RHEL in the /usr directory. Following are some helpful
> commands to give you an idea of the machine and openSSL I am using

OpenSSL version shipped in RHEL 5 is the newest version that's compatible with
other applications and tools shipped in this RHEL version. It does have all
the important bug fixes and security fixes backported (if you think it is
missing something, please contact us through Customer Portal).

If you want to have a newer openssl version (e.g. to have support for AES-GCM or
TLS1.2), you will have to upgrade to newer RHEL release (6.5).

If you need only a single application to support newer cryptography, you
shouldn't replace the system version of openssl with version 1.0.x or
you will most likely break your install.

--
Regards,
Hubert Kario
BaseOS QE Security team
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]



--
Thanks,
Shruti Palshikar
617 784 8358
Solving foreign exchange problems 
for institutional money managers


Reply | Threaded
Open this post in threaded view
|

Re: Upgrading OpenSSL on RHEL5

Shruti Palshikar
Hi Lokesh,

I was referring to the TLS/SSL renegotiation vulnerability. Do you know if the 0.98e version has the fix?


On Thu, Apr 24, 2014 at 9:29 AM, LOKESH JANGIR <[hidden email]> wrote:
Hi Shruti,

As per openssl, version 0.98e is not infected with hearbleed issue. You can check on below link. 

Regards,
Lokesh Jangir


On Thu, Apr 24, 2014 at 6:47 PM, Shruti Palshikar <[hidden email]> wrote:
Thanks everyone for the help, does anybody know if RHEL5 with version 0.98e of openssl has a fix for TLS/SSL renegotiation vulnerability?


On Thu, Apr 24, 2014 at 7:40 AM, Hubert Kario <[hidden email]> wrote:
----- Original Message -----

> From: "Shruti Palshikar" <[hidden email]>
> To: [hidden email]
> Sent: Wednesday, 23 April, 2014 5:50:45 PM
> Subject: Upgrading OpenSSL on RHEL5

> Hello,

> I am trying to upgrade my openSSL version on RHEL5. WHen I tried to update it
> using yum commad (it kept pausing with the messages - No packages marked for
> update) I found out that this was not installed from the source but was
> present along with RHEL in the /usr directory. Following are some helpful
> commands to give you an idea of the machine and openSSL I am using

OpenSSL version shipped in RHEL 5 is the newest version that's compatible with
other applications and tools shipped in this RHEL version. It does have all
the important bug fixes and security fixes backported (if you think it is
missing something, please contact us through Customer Portal).

If you want to have a newer openssl version (e.g. to have support for AES-GCM or
TLS1.2), you will have to upgrade to newer RHEL release (6.5).

If you need only a single application to support newer cryptography, you
shouldn't replace the system version of openssl with version 1.0.x or
you will most likely break your install.

--
Regards,
Hubert Kario
BaseOS QE Security team
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]



--
Thanks,
Shruti Palshikar
<a href="tel:617%20784%208358" value="+16177848358" target="_blank">617 784 8358
Solving foreign exchange problems 
for institutional money managers





--
Thanks,
Shruti Palshikar
617 784 8358
Solving foreign exchange problems 
for institutional money managers

Reply | Threaded
Open this post in threaded view
|

Re: Upgrading OpenSSL on RHEL5

Hubert Kario
----- Original Message -----
>
> From: "Shruti Palshikar" <[hidden email]>
> To: [hidden email]
> Sent: Thursday, 24 April, 2014 3:33:50 PM
> Subject: Re: Upgrading OpenSSL on RHEL5
>
> I was referring to the TLS/SSL renegotiation vulnerability. Do you know if
> the 0.98e version has the fix?

Yes, CVE-2009-3555 is fixed in the openssl package as shipped in RHEL-5:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555#c105

--
Regards,
Hubert Kario
BaseOS QE Security team
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Upgrading OpenSSL on RHEL5

Shruti Palshikar
Thanks Hubert


On Thu, Apr 24, 2014 at 10:20 AM, Hubert Kario <[hidden email]> wrote:
----- Original Message -----
>
> From: "Shruti Palshikar" <[hidden email]>
> To: [hidden email]
> Sent: Thursday, 24 April, 2014 3:33:50 PM
> Subject: Re: Upgrading OpenSSL on RHEL5
>
> I was referring to the TLS/SSL renegotiation vulnerability. Do you know if
> the 0.98e version has the fix?

Yes, CVE-2009-3555 is fixed in the openssl package as shipped in RHEL-5:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555#c105

--
Regards,
Hubert Kario
BaseOS QE Security team
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]



--
Thanks,
Shruti Palshikar
617 784 8358
Solving foreign exchange problems 
for institutional money managers