binovpd
asked on
heartbeat openssl fix fedora 16
I am in the process of patching two redhat servers. They are only used for mail no hosted websites, but we are using SSL for mail.
One of the servers is an older version of redhat (Redhat version 16)
Linux version 3.1.0-7.fc16.x86_64 (mockbuild@x86-07.phx2.fed oraproject .org)
(gcc version 4.6.2 20111027 (Red Hat 4.6.2-1) (GCC) )
If I do a yum update openssl it will return that it is pulling
1.0.0j-1.fc16 not the most current patched version
The current version on the server.
OpenSSL 1.0.0e-fips 6 Sep 2011
From what I have been reading openssl versions under the 1.0.0 branch are not affected.
http://heartbleed.com/
With that said is there any way I can test this on the server. From what I am reading this vulnerability does not affect this server due to the version of openssl but I want to be sure.
One of the servers is an older version of redhat (Redhat version 16)
Linux version 3.1.0-7.fc16.x86_64 (mockbuild@x86-07.phx2.fed
(gcc version 4.6.2 20111027 (Red Hat 4.6.2-1) (GCC) )
If I do a yum update openssl it will return that it is pulling
1.0.0j-1.fc16 not the most current patched version
The current version on the server.
OpenSSL 1.0.0e-fips 6 Sep 2011
From what I have been reading openssl versions under the 1.0.0 branch are not affected.
http://heartbleed.com/
With that said is there any way I can test this on the server. From what I am reading this vulnerability does not affect this server due to the version of openssl but I want to be sure.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Which 'latest' version?
Update is fine, I recommend leave openssl alone until the bug is fixed, consider you are not unaffected.
Update is fine, I recommend leave openssl alone until the bug is fixed, consider you are not unaffected.
ASKER
"Which 'latest' version?"
Mazdajai I was noticing current versions of fedora are 19 and 20. All the openssl patch info seems related to those version. I was a bit concerned we are falling far behind on the version of fedora, but as you said I think I'll just leave it alone for now.
Mazdajai I was noticing current versions of fedora are 19 and 20. All the openssl patch info seems related to those version. I was a bit concerned we are falling far behind on the version of fedora, but as you said I think I'll just leave it alone for now.
ASKER