  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1010

How to upgrade OpenSSL 0.9.7.a to OpenSSL 0.9.81: RedHat 9.0, with Surgemail Linux 4.2a3-3.

Hi,

I have a critical problem on my email server. Our firewall is sending me the log message below.
http://www.fortiguard.com/encyclopedia/vulnerability/openssl.asn.1.double.free.html

It says: Your mail server is impacted. Denial of service. Possible arbitrary code execution. Affected product is OpenSSL 0.9.7. Have to upgrade.

Now, I need to upgrade OpenSSL 0.9.7a to OpenSSL 0.9.81. But I don't know how to do it. I am afraid of how upgrading will affect the mail service of the mail server.
The mail server is Surgemail. We are using a mirror server.
The mail server's installed certificate is a self-signed cert (MD5).
I don't want to lose the mail server's configuration or have the server get stuck.

How do I do this? Please give me suggestions and a procedure.

Thank you in advance.
Asked by: amaraa12

amaraa12 (Author) commented:
How do I use an SSL Plus cert? How do I configure it on Red Hat with Surgemail?

http://www.digicert.com/welcome/ssl-plus.htm 
http://www.digicert.com/csr-creation-apache.htm 

arnold commented:
Which Linux OS do you have?
Some vendors (Red Hat/CentOS) maintain the version while patching the security issues.  The notice is just informational.  Once you make sure that OpenSSL 0.9.7.x is patched, you can ignore those alerts.

The upgrade is simple enough: get the OpenSSL source from www.openssl.org and configure/compile/install it.
The pitfalls, however, deal with whether the applications you have that use OpenSSL will continue to function with the newer version.
Some applications have OpenSSL statically compiled, such that an install of the new version will not do a thing to secure/fix the issue.
Run:
ldd /path/to/mail_server_binary
If libssl is not part of the listing, that would mean that OpenSSL is statically compiled and you would need to update the mail application, i.e. recompile it with either the updated OpenSSL 0.9.8 or the patched version 0.9.7.x.
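Added example, not part of the thread: a shell sketch of the two checks described in the answer above (is libssl loaded dynamically, and does the vendor package changelog mention the fix), extended with a look for an embedded OpenSSL version banner as evidence of static linking. The binary path, the `CVE-XXXX-XXXX` placeholder and all sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# classify_linkage LDD_OUTPUT STRINGS_OUTPUT
#   dynamic: libssl/libcrypto resolved by the loader, so a patched package applies
#   static : no shared libssl but an embedded "OpenSSL x.y.z" banner, so rebuild the app
#   none   : no evidence of OpenSSL in the binary
classify_linkage() {
    if printf '%s\n' "$1" | grep -Eq 'lib(ssl|crypto)\.so'; then
        echo dynamic
    elif printf '%s\n' "$2" | grep -Eq 'OpenSSL [0-9]+\.[0-9]+\.[0-9]+'; then
        echo static
    else
        echo none
    fi
}

# embedded_version STRINGS_OUTPUT: first OpenSSL version banner found, if any
embedded_version() {
    printf '%s\n' "$1" | grep -Eo 'OpenSSL [0-9]+\.[0-9]+\.[0-9]+[a-z]*' | head -n 1
}

# changelog_mentions CHANGELOG ID: succeeds if the vendor changelog names the fix
changelog_mentions() {
    printf '%s\n' "$1" | grep -Fq "$2"
}

# Constructed sample inputs (not captured from a real server)
SAMPLE_LDD_DYN='	libssl.so.4 => /lib/libssl.so.4 (0x40023000)
	libcrypto.so.4 => /lib/libcrypto.so.4 (0x40057000)
	libc.so.6 => /lib/tls/libc.so.6 (0x42000000)'
SAMPLE_LDD_STATIC='	libc.so.6 => /lib/tls/libc.so.6 (0x42000000)'
SAMPLE_STRINGS='OpenSSL 0.9.7a Feb 19 2003'
SAMPLE_CHANGELOG='- add security fix for CVE-XXXX-XXXX (placeholder id)'

# Live use on the server (path and CVE id are placeholders):
#   BIN=/path/to/mail_server_binary
#   classify_linkage "$(ldd "$BIN" 2>&1)" "$(strings "$BIN")"
#   changelog_mentions "$(rpm -q --changelog openssl)" "CVE-XXXX-XXXX" && echo patched
```

A result of `static` means installing a newer system OpenSSL leaves the mail server binary unchanged; `dynamic` plus a changelog hit means the vendor-patched package covers it after the service is restarted.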
