Upgrading openssl to 0.9.7i on FC3?
Paul Dwerryhouse
paul at dwerryhouse.com.au
Wed Mar 22 03:31:36 UTC 2006
On Tue, Mar 21, 2006 at 04:30:36PM -0800, Jim Rice wrote:
> I have 2.6.12-1.1376_FC3smp and wanted to upgrade openssl.
> Was at 0.9.7a and ran yum upgrade openssl.
> It only brought me up to openssl-0.9.7a-42.2.
>
> How can I upgrade it to 0.9.7i ? (for security audit)...
You probably don't need to. Any known security issues that were patched
in that version of openssl should have been backported to the package
that was in FC3, while the Fedora people were maintaining it. This
should continue to happen now that the Fedora Legacy people have taken
over its maintenance.
> Can I get the RPMs from FC4 and force the install,
> and hope that it doesn't break on other dependencies?
I wouldn't recommend that. Taken to the extreme, it will make your
system a hotch-potch of packages from difference releases, which will
make it very difficult to maintain, and yes, will probably break
dependencies in the long run.
I suggest that you get the FC3 openssl SRPM package
(openssl-0.9.7a-42.2.src.rpm), read through the comments in the spec
file, and check that the security issues that you're concerned about
have been fixed in it.
Cheers,
Paul
--
Paul Dwerryhouse | PGP Key ID: 0x6B91B584
========================================================================
Building Java RPMS for Redhat Enterprise Linux and Fedora:
http://nepotismia.com/redhat/java/
More information about the fedora-list
mailing list