Re: How to upgrade openssl to 0.96e??

From: Jeff Breitner (zptr_AT_rudn_DOT_com@info.der-keiler.de)
Date: 09/17/02


From: "Jeff Breitner" <zptr_AT_rudn_DOT_com>
Date: Tue, 17 Sep 2002 12:35:12 -0400


> Thanks for your help, because the latest vulnerability found, patch it need
> to upgrade openssl to 0.9.6e, but I only find openssl 0.96b rpm at
> redhat.com.
> How can I do???

I believe that RPM has been patched. However, here's how I upgraded my
OpenSSL from tarball.

1. Unzip and untar the tarball.
2. Enter into the openssl-0.9.6g (g is the latest) directory
3. Type ./Config linux-elf shared
4. Type make
5. Type make test
6. Type make install

Now, this will put your libraries into /usr/local/ssl/lib, and that's
probably not in your ld.so.config. So with a text editor, edit
/etc/ld.so.config, enter in the path /usr/local/ssl/lib and save it. Then
type /sbin/ldconfig to commit the changes.

The next issue you have is that located in /usr/lib are your old alleged
unpatched libraries. You'll need to ditch those. But when you ditch them,
programs using them will quit working (sshd, dig, nslookup come to mind).
Ergo, you'll need to copy the latest ones into /usr/lib (and rename them) or
create a link to libcrypto.so.1 to your new libcrypto.so.0.9.6.

This is one reason doing this with RPMs is *so* much easier.
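
The following is an added example, not part of the original post: a shell check for the situation described above, where long-running programs such as sshd keep using the old libraries after an upgrade. It reads /proc/<pid>/maps and reports any libssl/libcrypto mapping that lies outside the new install directory or whose file has been replaced on disk. The function names, the NEW_PREFIX variable and the sample mapping lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. NEW_PREFIX defaults to the install path named in the post.
NEW_PREFIX="${NEW_PREFIX:-/usr/local/ssl/lib}"

# Read /proc/<pid>/maps-format text on stdin. Print each distinct
# libssl/libcrypto path that is outside NEW_PREFIX, or that is marked
# "(deleted)" (the file was removed or replaced while the process ran).
stale_ssl_maps() {
    awk -v new="$NEW_PREFIX/" '
        $6 ~ /\/lib(ssl|crypto)\.so/ {
            state = ($7 == "(deleted)") ? "deleted" : "on-disk"
            if (index($6, new) != 1 || state == "deleted") {
                key = $6 " " state
                if (!(key in seen)) { seen[key] = 1; print key }
            }
        }'
}

# Walk every readable process and report the ones that need a restart.
scan_processes() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        hits=$(stale_ssl_maps < "$maps" 2>/dev/null) || continue
        [ -n "$hits" ] || continue
        cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null | cut -c1-60)
        printf '%s\n' "$hits" | while read -r line; do
            printf 'pid=%s cmd=%s lib=%s\n' "$pid" "$cmd" "$line"
        done
    done
}

# Constructed sample of maps lines (not captured from a real host).
sample_maps() {
    cat <<'EOF'
40000000-400b0000 r-xp 00000000 03:01 1234 /usr/lib/libcrypto.so.1
400c0000-400f0000 r-xp 00000000 03:01 1235 /usr/lib/libssl.so.1 (deleted)
40100000-401c0000 r-xp 00000000 03:01 2234 /usr/local/ssl/lib/libcrypto.so.0.9.6
40200000-40210000 r-xp 00000000 03:01 3333 /lib/libc-2.2.5.so
40000000-400b0000 rw-p 000b0000 03:01 1234 /usr/lib/libcrypto.so.1
EOF
}

# Run a live scan only when asked: sh script.sh --scan (as root for all pids).
if [ "${1:-}" = "--scan" ]; then
    scan_processes
fi
```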