OpenSSL vulnerability CVE-2014-0224
Is there a recommended update path for the CVE-2014-0224 vulnerability in OpenSSL? Unlike Heartbleed it looks like all OpenSSL versions are affected.
Re: openssl security update, RHSA-2014:0625-1
I do not believe you need to run EA, someone please correct me if I'm wrong. You do, however, need to restart any services using SSL. A lot of times just restarting the server is easier than restarting all the individual services.
Try here: WHM > Software > Update System Software
Threads merged.
I first did "yum clean all" then I did "yum update openssl" and here is the output:

    Loaded plugins: fastestmirror
    Determining fastest mirrors
    epel/metalink | 12 kB 00:00
     * epel: mirror.cogentco.com
    base | 3.7 kB 00:00
    base/primary_db | 3.5 MB 00:00
    epel | 4.4 kB 00:00
    epel/primary_db | 5.1 MB 00:00
    extras | 3.4 kB 00:00
    extras/primary_db | 18 kB 00:00
    updates | 3.4 kB 00:00
    updates/primary_db | 2.9 MB 00:00
    Setting up Update Process
    No Packages marked for Update

Notice "No Packages marked for Update". I've tried it on two different CentOS servers, same thing. When I go to that actual mirror it is there: Index of /pub/openssl (http://mirror.cogentco.com/pub/openssl/?C=M;O=D)

I don't understand what is going on, I'm not patched yet!

yum info openssl:

    Version : 1.0.1e
    Release : 16.el6_5.7

Why won't it download the new version?
Found this info:

/etc/yum.repos.d/CentOS-Base.repo

Comment out mirrorlist line and uncomment the baseurl line in each stanza. Then run:

    yum clean all
    yum update openssl

Say YES to the prompt. You'll notice the updated version will not be 1.0.1h but a subversion of 1.0.1e, but it will be patched. Now, reboot all of your services or just reboot your whole server to be sure. Restore CentOS-Base.repo to its previous state.
Hello :) I just wanted to note that updates don't always change the version number. You can check to see if the patch has been backported after updating with a command such as:

    rpm -q --changelog openssl | grep CVE-2014-0224

Thank you.
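The two post-update checks discussed in this thread (is the fix backported, and which services still need a restart), as an added example that is not part of any poster's reply. The function names and the sample proc tree are constructed for illustration; it assumes a Linux /proc where the kernel marks a replaced library as "(deleted)" in a process's maps file.

```shell
#!/bin/sh
# Post-update checks for the OpenSSL CVE-2014-0224 errata (added example).

# Succeeds if the RPM changelog text on stdin mentions the backported fix.
changelog_has_fix() {
    grep -q 'CVE-2014-0224'
}

# Succeeds if the /proc/<pid>/maps text on stdin still maps a libssl or
# libcrypto file that was replaced on disk (the kernel marks it "(deleted)").
maps_has_stale_ssl() {
    grep -Eq '/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)'
}

# Prints the PIDs under proc root $1 (default /proc) that need a restart.
stale_pids() {
    for maps in "${1:-/proc}"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if maps_has_stale_ssl 2>/dev/null < "$maps"; then
            dir=${maps%/maps}
            echo "${dir##*/}"
        fi
    done
}

# Constructed sample input: a fake proc tree with one stale and one fresh
# process, so the logic can be exercised offline.
make_sample_proc() {
    root=$(mktemp -d)
    mkdir -p "$root/1201" "$root/1302"
    echo '7f3a1c000000-7f3a1c060000 r-xp 00000000 fd:00 1311 /usr/lib64/libssl.so.1.0.1e (deleted)' > "$root/1201/maps"
    echo '7f9b2e000000-7f9b2e060000 r-xp 00000000 fd:00 1422 /usr/lib64/libssl.so.1.0.1e' > "$root/1302/maps"
    echo "$root"
}

# Live use on a real host (run as root so every maps file is readable).
if [ "${1:-}" = "--live" ]; then
    rpm -q --changelog openssl | changelog_has_fix && echo "fix backported"
    stale_pids /proc
fi
```

Any PID printed by `stale_pids` belongs to a process still running the pre-update library in memory and has to be restarted before the patch takes effect for it.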