我正在尝试将openssl版本从0.9.8w升级到0.9.8 y,以解决以下安全漏洞CVE-2012-2333,CVE-2013-0166,CVE-2013-0169。
虽然试图升级我面临以下依赖和任何有识之士将不胜感激。
[root@CAM store]# openssl version OpenSSL 0.9.8w 23 Apr 2012 [root@CAM store]# rpm -qa | grep openssl openssl-0.9.8e-22.el5 openssl-0.9.8w-1 [root@CAM store]# rpm -Uvh openssl-0.9.8y-1.i386.rpm error: Failed dependencies: libcrypto.so.6 is needed by (installed) m2crypto-0.16-8.el5.i386 libcrypto.so.6 is needed by (installed) python-libs-2.4.3-46.el5.i386 libcrypto.so.6 is needed by (installed) openldap-2.3.43-25.el5.i386 libcrypto.so.6 is needed by (installed) net-snmp-libs-5.3.2.2-17.el5.i386 libcrypto.so.6 is needed by (installed) postgresql-libs-8.1.23-1PGDG.rhel5.i386 libcrypto.so.6 is needed by (installed) bind-libs-9.3.6-20.P1.el5.i386 libcrypto.so.6 is needed by (installed) curl-7.15.5-15.el5.i386 libcrypto.so.6 is needed by (installed) libnasl2-2.2.11-27.el5.i386 libcrypto.so.6 is needed by (installed) nmap-4.11-2.i386 libcrypto.so.6 is needed by (installed) wget-1.11.4-2.el5_4.1.i386 libcrypto.so.6 is needed by (installed) nessus-server-2.2.11-27.el5.i386 libcrypto.so.6 is needed by (installed) cyrus-sasl-2.1.22-5.el5_4.3.i386 libcrypto.so.6 is needed by (installed) bind-utils-9.3.6-20.P1.el5.i386 libcrypto.so.6 is needed by (installed) neon-0.25.5-10.el5_4.1.i386 libcrypto.so.6 is needed by (installed) openldap-clients-2.3.43-25.el5.i386 libcrypto.so.6 is needed by (installed) cyrus-sasl-md5-2.1.22-5.el5_4.3.i386 libcrypto.so.6 is needed by (installed) stunnel-4.15-2.el5.1.i386 libcrypto.so.6 is needed by (installed) distcache-1.4.5-14.1.i386 libcrypto.so.6 is needed by (installed) tcpdump-3.9.4-15.el5.i386 libcrypto.so.6 is needed by (installed) ntp-4.2.2p1-15.el5.centos.1.i386 libcrypto.so.6 is needed by (installed) net-snmp-5.3.2.2-17.el5.i386 libcrypto.so.6 is needed by (installed) fipscheck-1.2.0-1.el5.i386 libcrypto.so.6 is needed by (installed) net-snmp-utils-5.3.2.2-17.el5.i386 libcrypto.so.6 is needed by (installed) postgresql-8.1.23-1PGDG.rhel5.i386 libcrypto.so.6 is needed by (installed) postgresql-server-8.1.23-1PGDG.rhel5.i386 libcrypto.so.6 is needed by (installed) postgresql-contrib-8.1.23-1PGDG.rhel5.i386 libcrypto.so.6 is needed by (installed) cavium-1.0-7.i386 libssl.so.6 is needed by (installed) m2crypto-0.16-8.el5.i386 libssl.so.6 is needed by (installed) python-libs-2.4.3-46.el5.i386 libssl.so.6 is needed by (installed) openldap-2.3.43-25.el5.i386 libssl.so.6 is needed by (installed) postgresql-libs-8.1.23-1PGDG.rhel5.i386 libssl.so.6 is needed by (installed) curl-7.15.5-15.el5.i386 libssl.so.6 is needed by (installed) libnasl2-2.2.11-27.el5.i386 libssl.so.6 is needed by (installed) nmap-4.11-2.i386 libssl.so.6 is needed by (installed) wget-1.11.4-2.el5_4.1.i386 libssl.so.6 is needed by (installed) nessus-server-2.2.11-27.el5.i386 libssl.so.6 is needed by (installed) neon-0.25.5-10.el5_4.1.i386 libssl.so.6 is needed by (installed) quota-3.13-5.el5.i386 libssl.so.6 is needed by (installed) openldap-clients-2.3.43-25.el5.i386 libssl.so.6 is needed by (installed) stunnel-4.15-2.el5.1.i386 libssl.so.6 is needed by (installed) distcache-1.4.5-14.1.i386 libssl.so.6 is needed by (installed) postgresql-8.1.23-1PGDG.rhel5.i386 libssl.so.6 is needed by (installed) postgresql-server-8.1.23-1PGDG.rhel5.i386 libssl.so.6 is needed by (installed) postgresql-contrib-8.1.23-1PGDG.rhel5.i386 谢谢,Vetrichelvan.G
我不知道你从哪里得到这个RPM(因为你不告诉我们),但是你已经有了一个问题:
[root@CAM store]# rpm -qa | grep openssl openssl-0.9.8e-22.el5 openssl-0.9.8w-1
除了RedHat提供的OpenSSL RPM之外,别人还会在系统上暴力破解第二个OpenSSL RPM,这可能是对早期OpenSSL问题的不正确回应。
您不需要升级openssl的版本以保持安全修补。 你需要摆脱奇怪的非发行版本,并跟上红帽的EL5修补程序(只要它在支持)。 这意味着你的openssl-0.9.8e版本将保持打补丁,即使OpenSSL版本号不会改变,RPM版本也会。
您可能会发现, 这个答案揭示了红帽backport补丁修复漏洞的方式,而不是经常碰撞应用程序版本号。