Vulnerable Openssl version remains & got activated after update

m.roth at 5-cent.us
Fri Jun 13 14:46:54 UTC 2014


Sunhux G wrote:
> Reckoned the script uses OPSWopenssl (though I can't
> grep the string OPSWopenssl in the script) :
> http://tekknotes.blogspot.sg/2014/04/hp-server-automation-and-heartbleed.html
>
> We can't wait for our local HP; does anyone know where to download
> a non-vulnerable version of this HP Server Automation's OpenSSL?
>
> In my case, yum would not work as this rpm is not from RHN.
> Long way to figure this out
>
Sure it would: yum localinstall, or, if you were on the 'Net, yum install
... --enablerepo=<repo>

      mark
>
> SH
>
>
> On Fri, Jun 13, 2014 at 10:14 PM, Sunhux G <sunhux at gmail.com> wrote:
>
>>
>> Think I figured it out:
>> the Opsgw software uses a different rpm:
>> # rpm -q --qf "%{NAME}-%{VERSION}.%{RELEASE}.%{ARCH}\n" OPSWopenssl
>>    OPSWopenssl-0.9.8g.1.x86_64
>>
>>
>> Does RHN have this version? I can't seem to locate it.
>>
>>
>>
>> On Fri, Jun 13, 2014 at 10:05 PM, Sunhux G <sunhux at gmail.com> wrote:
>>
>>>
>>> Our network blocks Internet access & Security Gov team
>>> disallows.  I don't know how to set up a yum repo which
>>> I've been enquiring for a while: anyone care to share?
>>>
>>> David is right that I'll need to use the specific format of the
>>> rpm command.  I'm curious why on my server (this is my
>>> first time in this new environment), the openssl devel is
>>> x86_64 while the openssl is i686 : thought they're meant
>>> for different architecture?
>>>
>>> # rpm -q --qf "%{NAME}-%{VERSION}.%{RELEASE}.%{ARCH}\n" openssl-devel
>>> openssl-devel-0.9.8e.27.el5_10.3.x86_64
>>>
>>>
>>> After updating it & restarting the service, the *version is still a
>>> vulnerable* version: any idea why?
>>>
>>> # cd /opt/opsware/etc/init.d
>>> ./opswgw-cgws1-GCLOUDMAZ start
>>> Starting opswgw:                                    [  OK  ]
>>>
>>> # ./ fake-client-early-ccs.pl localhost 443
>>> Got server response, size: 2953
>>> - Handshake - Server Hello
>>> - Handshake - Certificate
>>> - Handshake - Server Key Exhange
>>> - Handshake - Server Hello Done
>>> FAIL Remote host is affected
>>> # openssl version
>>> OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Fri, Jun 13, 2014 at 9:42 PM, Jonathan Billings <jsbillin at umich.edu>
>>> wrote:
>>>
>>>> On Fri, Jun 13, 2014 at 9:23 AM, Sunhux G <sunhux at gmail.com> wrote:
>>>>
>>>> > I'll attempt anyway but should I use "rpm -ivh ..." or
>>>> > "rpm -Uvh ..."   this time?
>>>> >
>>>>
>>>> Why aren't you using 'yum'?  Your problem would have been obvious if you
>>>> had just used it.  'yum' was written specifically to help with these types
>>>> of situations.
>>>>
>>>> If you don't have direct access to RHN (air-gapped system for example), you
>>>> can always copy the packages into a local yum repo and use yum instead of
>>>> 'rpm'.
>>>>
>>>> --
>>>> Jonathan Billings <jsbillin at umich.edu>
>>>> College of Engineering - CAEN - Unix and Linux Support
>>>> --
>>>> redhat-list mailing list
>>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>>
>>>
>>>
>>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
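
Added example (not written by anyone in this thread): shell functions that list which libssl/libcrypto files a running process has mapped, flagging copies outside the system library directories (such as a vendor-bundled OpenSSL, which updating the system openssl rpm does not touch) and files replaced on disk since the process started. The sample maps lines, the /opt/opsware/EXAMPLE path and the function names are constructed for illustration.

```shell
#!/bin/sh
# Classify OpenSSL libraries in /proc/<pid>/maps text read from stdin.
# Output: "<origin> <state> <path>", one line per distinct library.
ssl_libs_in_maps() {
    awk '
    # maps format: address perms offset dev inode pathname [(deleted)]
    $6 ~ "/lib(ssl|crypto)[^/]*[.]so" {
        path = $6
        # The kernel appends "(deleted)" when the mapped file was replaced
        # on disk (e.g. by a package update) and the process was not restarted.
        state = ($NF == "(deleted)") ? "stale-needs-restart" : "current"
        # Anything outside /lib, /lib64, /usr/lib, /usr/lib64 is treated
        # as a bundled copy that the system openssl package does not manage.
        origin = (path ~ "^/(usr/)?lib(64)?/") ? "system" : "bundled"
        key = origin " " state " " path
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Report for a live PID, adding the rpm that owns each library file.
# Usage: report_pid 1234
report_pid() {
    ssl_libs_in_maps < "/proc/$1/maps" | while read -r origin state path; do
        pkg=$(rpm -qf "$path" 2>/dev/null) || pkg="not owned by any rpm"
        echo "$origin $state $path [$pkg]"
    done
}

# Constructed sample input: both cases merged into one listing so the
# functions can be exercised offline. Paths and inode numbers are made up.
sample_maps() {
cat <<'EOF'
00400000-004f2000 r-xp 00000000 fd:00 2100001 /opt/opsware/EXAMPLE/bin/gateway
2b0000000000-2b0000046000 r-xp 00000000 fd:00 1100001 /lib64/libssl.so.0.9.8e (deleted)
2b0000246000-2b000024c000 rw-p 00046000 fd:00 1100001 /lib64/libssl.so.0.9.8e (deleted)
2b0000400000-2b0000450000 r-xp 00000000 fd:00 2100002 /opt/opsware/EXAMPLE/lib/libssl.so.0.9.8
2b0000800000-2b000094e000 r-xp 00000000 fd:00 1100009 /lib64/libc-2.5.so
EOF
}
```

Run `sample_maps | ssl_libs_in_maps` to see the classification, or `report_pid <pid>` as root against the service's process to see which package, if any, owns the library it actually loaded.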




