Vulnerable Openssl version remains & got activated after update

Sunhux G sunhux at gmail.com
Fri Jun 13 14:28:57 UTC 2014


Reckoned the script uses OPSWopenssl (though I can't
grep the string OPSWopenssl in the script) :
http://tekknotes.blogspot.sg/2014/04/hp-server-automation-and-heartbleed.html

We can't wait for our local HP; does anyone know where to download
a non-vulnerable version of this HP Server Automation's Openssl?

In my case, yum would not work as this rpm is not from RHN.
Long way to figure this out


SH


On Fri, Jun 13, 2014 at 10:14 PM, Sunhux G <sunhux at gmail.com> wrote:

>
> Think I figured it out:
> the Opsgw software uses a different rpm:
> # rpm -q --qf "%{NAME}-%{VERSION}.%{RELEASE}.%{ARCH}\n" OPSWopenssl
>    OPSWopenssl-0.9.8g.1.x86_64
>
>
> Does RHN have this version? I can't seem to locate it
>
>
>
> On Fri, Jun 13, 2014 at 10:05 PM, Sunhux G <sunhux at gmail.com> wrote:
>
>>
>> Our network blocks Internet access & Security Gov team
>> disallows.  I don't know how to set up a yum repo which
>> I've been enquiring for a while: anyone care to share?
>>
>> David is right that I'll need to use the specific format of the
>> rpm command.  I'm curious why on my server (this is my
>> first time in this new environment), the openssl devel is
>> x86_64 while the openssl is i686 : thought they're meant
>> for different architecture?
>>
>> # rpm -q --qf "%{NAME}-%{VERSION}.%{RELEASE}.%{ARCH}\n" openssl-devel
>> openssl-devel-0.9.8e.27.el5_10.3.x86_64
>>
>>
>> After updating it & restarting the service, the *version is still a*
>> *vulnerable* version:   Any idea why?
>>
>> # cd /opt/opsware/etc/init.d
>> ./opswgw-cgws1-GCLOUDMAZ start
>> Starting opswgw:                                    [  OK  ]
>>
>> # ./fake-client-early-ccs.pl localhost 443
>> Got server response, size: 2953
>> - Handshake - Server Hello
>> - Handshake - Certificate
>> - Handshake - Server Key Exhange
>> - Handshake - Server Hello Done
>> FAIL Remote host is affected
>> # openssl version
>> OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
>>
>>
>>
>>
>>
>>
>> On Fri, Jun 13, 2014 at 9:42 PM, Jonathan Billings <jsbillin at umich.edu>
>> wrote:
>>
>>> On Fri, Jun 13, 2014 at 9:23 AM, Sunhux G <sunhux at gmail.com> wrote:
>>>
>>> > I'll attempt anyway but should I use "rpm -ivh ..." or
>>> > "rpm -Uvh ..."   this time?
>>> >
>>>
>>> Why aren't you using 'yum'?  Your problem would have been obvious if you
>>> had just used it.  'yum' was written specifically to help with these
>>> types of situations.
>>>
>>> If you don't have direct access to RHN (air-gapped system for example),
>>> you can always copy the packages into a local yum repo and use yum
>>> instead of 'rpm'.
>>>
>>> --
>>> Jonathan Billings <jsbillin at umich.edu>
>>> College of Engineering - CAEN - Unix and Linux Support
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>
>>
>
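The thread's finding, that the gateway uses its own OPSWopenssl package rather than the system openssl rpm, can be checked per process by looking at which libssl/libcrypto files the service has mapped. This is an added example, not part of the original messages or of HP's tooling; the function names, the script name and the sample paths are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: which OpenSSL libraries has a running process really loaded?
# "openssl version" only reports the CLI binary found first in $PATH.

# ssl_libs_from_maps FILE
# FILE is text in /proc/<pid>/maps format. Prints "<state> <path>" once per
# mapped libssl/libcrypto; state is "stale" when the file was replaced on
# disk after the process mapped it (update without restart), else "current".
ssl_libs_from_maps() {
    awk '
        # Field 6 is the pathname; anonymous mappings have fewer fields.
        # libssl3.so (NSS) is deliberately not matched.
        NF >= 6 && $6 ~ "/lib(ssl|crypto)[.]so([.]|$)" {
            state = ($NF == "(deleted)") ? "stale" : "current"
            if (!seen[$6]++) print state, $6
        }' "$1"
}

# report_pid PID
# Adds the owning package, so a vendor-bundled copy stands out from the
# distribution's openssl package.
report_pid() {
    ssl_libs_from_maps "/proc/$1/maps" | while read -r state path; do
        owner=$(rpm -qf "$path" 2>/dev/null) || owner="(no owning rpm)"
        echo "pid=$1 $state $path $owner"
    done
}

# Constructed sample input, not captured from a real host; paths are made up.
sample_maps() {
    cat <<'EOF'
00400000-0048a000 r-xp 00000000 fd:00 1311 /opt/example/bin/gateway
2b1000000000-2b1000045000 r-xp 00000000 fd:00 2001 /opt/example/lib/libssl.so.0.9.8
2b1000045000-2b100004b000 rw-p 00045000 fd:00 2001 /opt/example/lib/libssl.so.0.9.8
2b1000200000-2b1000330000 r-xp 00000000 fd:00 2002 /lib64/libcrypto.so.0.9.8e (deleted)
2b1000400000-2b1000410000 r-xp 00000000 fd:00 2003 /usr/lib64/libssl3.so
7fff00000000-7fff00021000 rw-p 00000000 00:00 0 [stack]
EOF
}

# Usage: sh ssl-libs.sh PID...   (run as root to read other users' processes)
for pid in "$@"; do
    report_pid "$pid"
done
```

A binary that links OpenSSL statically maps no libssl file, so an empty result does not prove the process is free of OpenSSL code.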


