Upgrade openssl for CentOS 6.5 64-bit
Posted by Kailash12, 04-11-2014, 02:16 AM |
Hi,
This is in reference to the recent OpenSSL vulnerability. I tried to update it via yum, but it shows no updates available. The following is the information:
-------------------------------------------------------------
root@server [~]# yum info openssl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* epel: mirror.steadfast.net
base | 3.7 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
Installed Packages
Name : openssl
Arch : x86_64
Version : 1.0.1e
Release : 16.el6_5.7
Size : 4.0 M
Repo : installed
From repo : updates
Summary : A general purpose cryptography library with TLS implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
: machines. OpenSSL includes a certificate management tool and shared
: libraries which provide various cryptographic algorithms and
: protocols.
Available Packages
Name : openssl
Arch : i686
Version : 1.0.1e
Release : 16.el6_5.7
Size : 1.5 M
Repo : updates
Summary : A general purpose cryptography library with TLS implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
: machines. OpenSSL includes a certificate management tool and shared
: libraries which provide various cryptographic algorithms and
: protocols.
-------------------------------------------------------------
-------------------------------------------------------------
root@server [~]# yum update openssl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* epel: mirror.steadfast.net
Setting up Update Process
No Packages marked for Update
root@server []# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
root@server [~]#
-------------------------------------------------------------
Server OS: CentOS release 6.5 (Final) x86_64 bit
Am I safe, or do I need to take further action?
Thanks!
|
Posted by ambadydotnet, 04-11-2014, 02:36 AM |
I think the 1.0.1e version is affected. You should upgrade to 1.0.1g.
|
Posted by Srv24x7, 04-11-2014, 03:30 AM |
Hi,
An official patch for this has been released and has been updated in the CentOS mirrors. You can check the announcement below from CentOS:
http://lists.centos.org/pipermail/ce...il/020249.html
Additionally, please check whether the current rpm involves this patch.
rpm -q openssl
rpm -q --changelog openssl | grep CVE-2014-0160
[- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension]
|
Posted by Kailash12, 04-11-2014, 03:41 AM |
Thanks for the information. I just verified it:
root@server [~]# rpm -q openssl
openssl-1.0.1e-16.el6_5.7.x86_64
root@server [~]# rpm -q --changelog openssl-1.0.1e-16.el6_5.7.x86_64 | grep CVE-2014-0160
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
So I am good now.
Thanks!
|
Posted by NoSupportLinuxHostin, 04-11-2014, 03:04 PM |
That is correct. The patches are backported into OpenSSL 1.0.1e. You do not need 1.0.1g.
Here is a command to list security updates included in your current version of OpenSSL:
rpm -q --changelog openssl | grep -iE 'security|cve|vuln'
As long as the following line is listed, then you are safe:
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
|
Posted by VoodooServers, 04-11-2014, 06:03 PM |
It's worth mentioning that updating OpenSSL is pointless if you don't restart your web server, and possibly any other application using the OpenSSL library.
|
Posted by un!ty, 04-12-2014, 05:19 AM |
I followed the instructions and got the following line.
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
Am I safe now? And do I need to restart the server, or is a server restart not required?
Thanks.
|
Posted by Criot, 04-12-2014, 08:19 AM |
You'd need to restart all of the services which use OpenSSL; we simply restarted our servers, as it gave us a chance to update kernels as well.
|
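The two checks discussed in this thread (the package changelog lists the CVE-2014-0160 fix, and processes still running the old library need a restart) can be scripted together. This is an added shell example, not part of any post: the function names, the proc-root argument and the sample data are assumptions constructed for illustration, and the stale-library check relies on Linux marking replaced but still mapped files as "(deleted)" in /proc/PID/maps.

```shell
#!/bin/sh
# Added example, not from the thread; names and sample data are assumptions.

# Succeeds if the changelog text on stdin lists a fix for the CVE id in $1.
changelog_has_fix() {
    grep -Eq "fix $1([^0-9]|\$)"
}

# Prints "PID NAME" for each process that still maps a libssl/libcrypto file
# that has been replaced on disk. $1 is the proc root (default: /proc).
stale_openssl_procs() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq 'lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)' "$maps" 2>/dev/null; then
            pid_dir=${maps%/maps}
            name=$(cat "$pid_dir/comm" 2>/dev/null || echo unknown)
            echo "${pid_dir##*/} $name"
        fi
    done
}

# Constructed changelog excerpt; the first line is the entry quoted in the thread.
SAMPLE_CHANGELOG='- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
- constructed placeholder entry for an unrelated change'

# Builds a constructed fake proc tree: PID 101 maps a replaced libssl,
# PID 202 maps the current libcrypto. Prints the directory it created.
make_sample_proc() {
    root=$(mktemp -d)
    mkdir -p "$root/101" "$root/202"
    echo httpd > "$root/101/comm"
    echo sshd > "$root/202/comm"
    echo '7f00-7f10 r-xp 00000000 fd:00 1234 /usr/lib64/libssl.so.1.0.1e (deleted)' > "$root/101/maps"
    echo '7f00-7f10 r-xp 00000000 fd:00 5678 /usr/lib64/libcrypto.so.1.0.1e' > "$root/202/maps"
    echo "$root"
}

# Demo on the constructed data only, so it runs on any machine.
demo_root=$(make_sample_proc)
printf '%s\n' "$SAMPLE_CHANGELOG" | changelog_has_fix CVE-2014-0160 && echo "fix listed in changelog"
stale_openssl_procs "$demo_root"   # lists processes that need a restart
rm -rf "$demo_root"
```

On a real host, pipe `rpm -q --changelog openssl` into `changelog_has_fix CVE-2014-0160` and run `stale_openssl_procs` as root with no argument; every process it lists is still using the pre-update library until it is restarted.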
Posted by un!ty, 04-12-2014, 08:44 AM |
I did it; now let's see what happens. I hope the server will start working as normal.
|