There is a vulnerability in version 0.9.8e, but yum seems to still only offer that version:
[code]Available Packages
openssl.i386 0.9.8e-20.el5_7.1.0.1.centos installed[/code]
Is there a reason for this? What's the best way to go about ensuring yum is fairly up to date?
(I know I can update openssl manually, which I will do now)
CentOS 5.7 final
OpenSSL vulnerability, yum not up to date
-
- Posts: 184
- Joined: 2009/01/30 19:58:25
- Location: California
OpenSSL vulnerability, yum not up to date
Please read [url=http://wiki.centos.org/FAQ/General#head-472ce8446ebcfc82ca1800f775ba0e629ac835c7]FAQ 20. Where can I get the latest version of XyZ.rpm for CentOS? I cannot find it anywhere.[/url]
Security patches are backported to the older version. If you have questions about a particular issue that has been assigned a CVE number, you can check it with:
[code]rpm -q --changelog openssl | grep CVE-xxxx-xxxx[/code]
Security patches are backported to the older version. If you have questions about a particular issue that has been assigned a CVE number, you can check it with:
[code]rpm -q --changelog openssl | grep CVE-xxxx-xxxx[/code]