Solved

How to upgrade OpenSSL 0.9.7.a to OpenSSL 0.9.81: RedHat 9.0, with Surgemail Linux 4.2a3-3.

Posted on 2010-01-11
Last Modified: 2013-12-06
Hi,

I have a critical problem on my email server. Our firewall is sending me the log message below.
http://www.fortiguard.com/encyclopedia/vulnerability/openssl.asn.1.double.free.html

It says my mail server is impacted: denial of service, possible arbitrary code execution; the affected product is OpenSSL 0.9.7. I have to upgrade.

Now I need to upgrade OpenSSL 0.9.7a to OpenSSL 0.9.81, but I don't know how to do it. I am afraid of how the upgrade will affect the mail service on the mail server.
The mail server is Surgemail. We are using a mirror server.
The certificate installed on the mail server is a self-signed cert (MD5).
I don't want to lose the mail server's configuration or have the server get stuck.

How do I do this? Please give me suggestions and a procedure.

Thank you in advance.
Question by:amaraa12

Author Comment

by:amaraa12
ID: 26290645
How do I use an SSL Plus cert? How do I configure it on Red Hat with Surgemail?

http://www.digicert.com/welcome/ssl-plus.htm 
http://www.digicert.com/csr-creation-apache.htm 

Accepted Solution

by:
arnold earned 2000 total points
ID: 26323833
Which Linux OS do you have?
Some vendors (Red Hat/CentOS) maintain the version while patching the security issues. The notice is just informational. Once you make sure that the OpenSSL 0.9.7.x is patched, you can ignore those alerts.

The upgrade is simple enough: get the OpenSSL source from www.openssl.org and configure/compile/install it.
The pitfalls, however, deal with whether the applications you have that use OpenSSL will continue to function with the newer version.
Some applications have OpenSSL statically compiled, such that an install of the new version will not do a thing to secure/fix the issue.
Run:
ldd /path/to/mail_server_binary
If libssl is not part of the listing, that would mean that OpenSSL is statically compiled and you would need to update the mail application, i.e. recompile it with either the updated OpenSSL 0.9.8 or the patched version 0.9.7.x.
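One way to script the two checks from the accepted answer (does the mail server binary list libssl in its `ldd` output, and does the vendor's openssl package changelog mention the fix), as an added example that is not part of the original thread. The function names, the sample `ldd` and changelog text, and the `CVE-XXXX-XXXX` placeholder are constructed; checking the fix through `rpm -q --changelog` is an assumption that applies to RPM-based systems.

```shell
#!/usr/bin/env bash
# Added example. Function names are hypothetical; sample data is constructed.

# Read `ldd` output on stdin and report how OpenSSL is linked.
ssl_linkage() {
    awk '
        /not a dynamic executable/ { static = 1 }
        $1 ~ /^lib(ssl|crypto)\.so/ {
            found = 1
            # ldd prints "name => path (addr)" or "name => not found"
            if ($3 == "not") print "missing " $1
            else             print "dynamic " $1 " " $3
        }
        END {
            # Nothing listed: per the answer, OpenSSL may be compiled in statically.
            if (!found) print (static ? "static-binary" : "no-libssl")
        }'
}

# Read a package changelog on stdin; print entries naming the advisory id in $1.
# Exit status is non-zero when no entry mentions it.
changelog_mentions() {
    grep -F -i -m 3 -- "$1"
}

# $1 = binary path, $2 = advisory id, $3 = package name (default: openssl)
audit_openssl() {
    echo "== OpenSSL linkage of $1"
    ldd "$1" 2>&1 | ssl_linkage
    echo "== ${3:-openssl} changelog entries mentioning $2"
    rpm -q --changelog "${3:-openssl}" | changelog_mentions "$2" || echo "none found"
}

# Constructed ldd output for a dynamically linked binary.
SAMPLE_LDD='    libssl.so.4 => /lib/libssl.so.4 (0x00b5a000)
    libcrypto.so.4 => /lib/libcrypto.so.4 (0x00a11000)
    libc.so.6 => /lib/tls/libc.so.6 (0x00101000)'

# Constructed changelog text; CVE-XXXX-XXXX is a placeholder, not a real id.
SAMPLE_CHANGELOG='* Mon Jan 01 2001 Packager <packager@example.com> 0.9.7a-0
- add security fix for CVE-XXXX-XXXX (placeholder entry)
- rebuild'

# Usage: ./audit.sh /path/to/mail_server_binary ADVISORY-ID [package]
if [ "$#" -ge 2 ]; then audit_openssl "$@"; fi
```

A `dynamic` line means the binary picks up whichever libssl the system package provides, so a patched vendor package covers it; `static-binary` or `no-libssl` is the case the answer describes, where the mail application itself has to be updated.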
