Re: How to upgrade openssl to 0.96e??

From: Jeff Breitner (zptr_AT_rudn_DOT_com@info.der-keiler.de)
Date: 09/17/02


From: "Jeff Breitner" <zptr_AT_rudn_DOT_com>
Date: Tue, 17 Sep 2002 12:35:12 -0400


"> Thanks for your help, because the lastest vulnerability found, patch it
need
> to upgrade openssl to 0.9.6e, but I only find openssl 0.96b rpm at
> redhat.com.
> How can I do???

I believe that RPM has been patched. However, here's how I upgraded my
OpenSSL from tarball.

1. Unzip and untar the tarball.
2. Enter into the openssl-0.9.6g (g is the latest) directory
3. Type ./Config linux-elf shared
4. Type make
5. Type make test
6 Tyhpe make install

Now, this will put your libraries into /usr/local/ssl/lib, and that's
probably not in your ld.so.config. So with a text editor, edit
/etc/ld.so.config, enter in the path /usr/local/ssl/lib and save it. Then
type /sbin/ldconfig to commit the changes.

The next issue you have is that located in /usr/lib are your old alleged
unpatched libraries. You'll need to ditch those. But when you ditch them,
programs using them will quit working (sshd, dig, nslookup come to mind).
Ergo, you'll need to copy the latest ones into /usr/lib (and rename them) or
create a link to libcrypto.so.1 to your new libcrypto.so.0.9.6.

This is one reason doing this with RPMs is *so* much easier.



Relevant Pages

  • Re: How to upgrade openssl to 0.96e??
    ... >> My system is Redhat 7.3 and installed old version openssl with rpm, ... >> upgrade openssl to 0.96e with tar ball, ... > RedHat's patched openssl packages are secure against the latest ...
    (comp.os.linux.security)
  • Re: wget-ssl
    ... maybe try to install openssl-developer rpm ... Is there any known package for wget-ssl for AIX 5.1. ... but it is from RPM. ... regular wget from RPM + OpenSSL from RPM!= wget-ssl. ...
    (AIX-L)
  • Re: Vulnerable Openssl version remains & got activated after update
    ... I'll attempt anyway but should I use "rpm -ivh ..." ... Vulnerable Openssl version remains & got activated after update ... Handshake - Server Hello ... trademarks of British Sky Broadcasting Group plc and Sky International AG ...
    (RedHat)
  • Re: Vulnerable Openssl version remains & got activated after update
    ... rpm command. ... first time in this new environment), the openssl devel is ... Handshake - Server Hello ... Why aren't you using 'yum'? ...
    (RedHat)
  • Re: How to build latest n greatest Apache,PHP, OpenSSL rpms?
    ... > I was not looking at how to build an rpm in general ... You could take it from the SRPM of the current Fedora package. ... So you miss specific security updates for CAN reported bugs? ... So having openssl-0.9.7a on FC3 doesn't mean OpenSSL ...
    (Fedora)