Vulnerable Openssl version remains & got activated after update

Sunhux G sunhux at gmail.com
Fri Jun 13 14:14:11 UTC 2014 

Think I figured it out:
the Opsgw software uses a different rpm *:*
# rpm -q --qf "%{NAME}-%{VERSION}.%{RELEASE}.%{ARCH}\n" OPSWopenssl
   OPSWopenssl-0.9.8g.1.x86_64


Does RHN has this version? I can't seem to locate it



On Fri, Jun 13, 2014 at 10:05 PM, Sunhux G <sunhux at gmail.com> wrote:

>
> Our network blocks Internet access & Security Gov team
> disallows.  I don't know how to set up a yum repo which
> I've been enquiring for a while: anyone care to share?
>
> David is right that I'll need to use the specific format of the
> rpm command.  I'm curious why on my server (this is my
> first time in this new environment), the openssl devel is
> x86_64 while the openssl is i686 : thought they're meant
> for different architecture?
>
> # rpm -q --qf "%{NAME}-%{VERSION}.%{RELEASE}.%{ARCH}\n" openssl-devel
> openssl-devel-0.9.8e.27.el5_10.3.x86_64
>
>
> After updating it & restart the service, the *version is still a*
> *vulnerable* version:   Any idea why?
>
> # cd /opt/opsware/etc/init.d
> ./opswgw-cgws1-GCLOUDMAZ start
> Starting opswgw:                                    [  OK  ]
>
> # ./ fake-client-early-ccs.pl localhost 443 Got server response, size:
> 2953
> - Handshake - Server Hello
> - Handshake - Certificate
> - Handshake - Server Key Exhange
> - Handshake - Server Hello Done
> FAIL Remote host is affected
> # openssl version
> OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
>
>
>
>
>
>
> On Fri, Jun 13, 2014 at 9:42 PM, Jonathan Billings <jsbillin at umich.edu>
> wrote:
>
>> On Fri, Jun 13, 2014 at 9:23 AM, Sunhux G <sunhux at gmail.com> wrote:
>>
>> > I'll attempt anyway but should I use "rpm -ivh ..." or
>> > "rpm -Uvh ..."   this time?
>> >
>>
>> Why aren't you using 'yum'?  Your problem would have been obvious if you
>> had just used it.  'yum' was written specifically to help with these types
>> of situations.
>>
>> If you don't have direct access to RHN (air-gapped system for example),
>> you
>> can always copy the packages into a local yum repo and use yum instead of
>> 'rpm'.
>>
>> --
>> Jonathan Billings <jsbillin at umich.edu>
>> College of Engineering - CAEN - Unix and Linux Support
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
>

More information about the redhat-list mailing list