Vulnerable Openssl version remains & got activated after update

Sunhux G sunhux at gmail.com
Fri Jun 13 15:01:44 UTC 2014 

Thanks M.Roth.

Any could locate a non-vulnerable OPSWopenssl
rpm for my  x86_64  RHEL 5.x & 6.x ?

I would like to download it


On Fri, Jun 13, 2014 at 10:46 PM, <m.roth at 5-cent.us> wrote:

> Sunhux G wrote:
> > Reckoned the script uses OPSWopenssl (though I can't
> > grep the string OPSWopenssl in the script) :
> >
> http://tekknotes.blogspot.sg/2014/04/hp-server-automation-and-heartbleed.html
> >
> > We can't wait for our local HP; anyone knows where to download
> > a non-vulnerable version of this HP Server Automation's Openssl ?
> >
> > In my case, yum would not work as this rpm is not from RHN.
> > Long way to figure this out
> >
> Sure it would: yum localinstall, or, if you were on the 'Net, yum install
> ... --enablerepo=<repo>
>
>       mark
> >
> > SH
> >
> >
> > On Fri, Jun 13, 2014 at 10:14 PM, Sunhux G <sunhux at gmail.com> wrote:
> >
> >>
> >> Think I figured it out:
> >> the Opsgw software uses a different rpm *:*
> >> # rpm -q --qf "%{NAME}-%{VERSION}.%{RELEASE}.%{ARCH}\n" OPSWopenssl
> >>    OPSWopenssl-0.9.8g.1.x86_64
> >>
> >>
> >> Does RHN has this version? I can't seem to locate it
> >>
> >>
> >>
> >> On Fri, Jun 13, 2014 at 10:05 PM, Sunhux G <sunhux at gmail.com> wrote:
> >>
> >>>
> >>> Our network blocks Internet access & Security Gov team
> >>> disallows.  I don't know how to set up a yum repo which
> >>> I've been enquiring for a while: anyone care to share?
> >>>
> >>> David is right that I'll need to use the specific format of the
> >>> rpm command.  I'm curious why on my server (this is my
> >>> first time in this new environment), the openssl devel is
> >>> x86_64 while the openssl is i686 : thought they're meant
> >>> for different architecture?
> >>>
> >>> # rpm -q --qf "%{NAME}-%{VERSION}.%{RELEASE}.%{ARCH}\n" openssl-devel
> >>> openssl-devel-0.9.8e.27.el5_10.3.x86_64
> >>>
> >>>
> >>> After updating it & restart the service, the *version is still a*
> >>> *vulnerable* version:   Any idea why?
> >>>
> >>> # cd /opt/opsware/etc/init.d
> >>> ./opswgw-cgws1-GCLOUDMAZ start
> >>> Starting opswgw:                                    [  OK  ]
> >>>
> >>> # ./ fake-client-early-ccs.pl localhost 443 Got server response, size:
> >>> 2953
> >>> - Handshake - Server Hello
> >>> - Handshake - Certificate
> >>> - Handshake - Server Key Exhange
> >>> - Handshake - Server Hello Done
> >>> FAIL Remote host is affected
> >>> # openssl version
> >>> OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> On Fri, Jun 13, 2014 at 9:42 PM, Jonathan Billings <jsbillin at umich.edu
> >
> >>> wrote:
> >>>
> >>>> On Fri, Jun 13, 2014 at 9:23 AM, Sunhux G <sunhux at gmail.com> wrote:
> >>>>
> >>>> > I'll attempt anyway but should I use "rpm -ivh ..." or
> >>>> > "rpm -Uvh ..."   this time?
> >>>> >
> >>>>
> >>>> Why aren't you using 'yum'?  Your problem would have been obvious if
> >>>> you
> >>>> had just used it.  'yum' was written specifically to help with these
> >>>> types
> >>>> of situations.
> >>>>
> >>>> If you don't have direct access to RHN (air-gapped system for
> >>>> example),
> >>>> you
> >>>> can always copy the packages into a local yum repo and use yum instead
> >>>> of
> >>>> 'rpm'.
> >>>>
> >>>> --
> >>>> Jonathan Billings <jsbillin at umich.edu>
> >>>> College of Engineering - CAEN - Unix and Linux Support
> >>>> --
> >>>> redhat-list mailing list
> >>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >>>> https://www.redhat.com/mailman/listinfo/redhat-list
> >>>>
> >>>
> >>>
> >>
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>

More information about the redhat-list mailing list