Full Version: the new OpenSSL vulnerability
murshed
Hi all,

As some of you know, there is a new vulnerability in OpenSSL that requires all of us to upgrade as soon as possible.

My question is: is it only downloading the rpm and rpm -ivh filename.rpm? Or do we have to worry about some other things?

Thanks
murshed
I did the following:

[root@plesk up2date]# up2date openssl

Retrieving list of all available packages...
########################################
########################################

Removing installed packages from list of updates...
########################################

Removing packages with files not specified from list...

Removing packages marked to skip from list...
########################################

Getting headers for available packages...
########################################

Removing packages with files marked to skip from list...
########################################

Testing package set / solving RPM inter-dependencies...
########################################
The following packages were added to your selection to satify dependencies:

Name Version Release
--------------------------------------------------------------
openssl 0.9.6b 32.7
openssl-devel 0.9.6b 32.7

Retrieving selected packages...
openssl-0.9.6b-32.7.i686.rp ########################## Done.
########################## Done.
openssl-devel-0.9.6b-32.7.i ########################## Done.
[root@plesk up2date]# ls
openssl-0.9.6b-32.7.i686.hdr openssl-devel-0.9.6b-32.7.i386.rpm
openssl-0.9.6b-32.7.i686.rpm redhat-linux-i386-7.2.20030429145826
openssl-devel-0.9.6b-32.7.i386.hdr
[root@plesk up2date]# rpm -Uvh openssl-0.9.6b-32.7.i686.
openssl-0.9.6b-32.7.i686.hdr openssl-0.9.6b-32.7.i686.rpm
[root@plesk up2date]# rpm -Uvh openssl-0.9.6b-32.7.i686.rpm
error: failed dependencies:
openssl = 0.9.6b-8 is needed by openssl-devel-0.9.6b-8
[root@plesk up2date]#

Now why did it fail?
Shortfork
QUOTE
Originally posted by murshed
Hi all,

As some of you know, there is a new vulnerability in OpenSSL that requires all of us to upgrade as soon as possible.

My question is: is it only downloading the rpm and rpm -ivh filename.rpm? Or do we have to worry about some other things?

Thanks
Hmm... I've got my SSL ports blocked to any IP other than my own (not selling space to general users). I was wondering why the sudden increase in sniffs on those ports...

Hummn...

Shortz
murshed
Fixed the problem...

rpm -Uvh filename --nodeps

shortfork
what IDS are you using?
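
Added example, not part of the thread: the dependency error in the session above names the installed openssl-devel-0.9.6b-8, and up2date had already downloaded its update next to the openssl package. This sh script reads rpm's "failed dependencies" text and picks the downloaded files to pass to a single rpm -Uvh transaction, so dependency checking stays on; the function names are hypothetical and the sample input is constructed from the session.

```shell
#!/bin/sh
# Constructed sample input, copied from the session shown in the thread.
RPM_ERROR='error: failed dependencies:
openssl = 0.9.6b-8 is needed by openssl-devel-0.9.6b-8'
RPM_FILES='openssl-0.9.6b-32.7.i686.hdr
openssl-0.9.6b-32.7.i686.rpm
openssl-devel-0.9.6b-32.7.i386.hdr
openssl-devel-0.9.6b-32.7.i386.rpm'

# dependents ERROR_TEXT: print the name of every installed package that rpm
# reports as still needing the old version ("... is needed by NAME-VER-REL").
dependents() {
    printf '%s\n' "$1" |
        sed -n 's/.* is needed by \(.*\)-[^-]*-[^-]*$/\1/p' | sort -u
}

# files_for NAME FILE_LIST: print the .rpm files whose package name is exactly
# NAME. Requiring "-<digit>" after the name keeps "openssl" from also matching
# "openssl-devel"; .hdr files are ignored.
files_for() {
    for f in $2; do
        case "$f" in "$1"-[0-9]*.rpm) printf '%s\n' "$f" ;; esac
    done
}

# upgrade_set REQUESTED_FILE ERROR_TEXT FILE_LIST: print the files that belong
# in one transaction. Returns 1 if a dependent package has no downloaded
# update, since upgrading anyway would leave it broken.
upgrade_set() {
    set_out=$1 rc=0
    for name in $(dependents "$2"); do
        found=$(files_for "$name" "$3")
        if [ -z "$found" ]; then
            echo "no downloaded update for $name; fetch it first" >&2
            rc=1
        fi
        for f in $found; do
            case " $set_out " in *" $f "*) ;; *) set_out="$set_out $f" ;; esac
        done
    done
    printf '%s\n' "$set_out"
    return $rc
}

# Print (do not run) the single-transaction command for the sample input.
echo "rpm -Uvh $(upgrade_set openssl-0.9.6b-32.7.i686.rpm "$RPM_ERROR" "$RPM_FILES")"
```

After such an upgrade, services linked against the OpenSSL libraries keep the old code in memory until they are restarted.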
Shortfork
QUOTE
Originally posted by murshed

shortfork
what IDS are you using?
LOL... spekee da Engrish for me pleze??

IDS??

I'm a pretty "ignorant" soul runnin a firewall and runnin' scared most of the time using a logcheck proggy to email me regularly with port connects (other than the commonly open ones)

Shortzness
Ales
Well, I think IDS stands for "intrusion detection system"... Something like http://www.snort.org, etc.
Shortfork
QUOTE
Originally posted by Ales
Well, I think IDS stands for "intrusion detection system"... Something like http://www.snort.org, etc.
Ahh.. that'd prolly be "logcheck" then..

Shortzz