OpenSSL 0.9.8k or higher on CentOS 5?

Solution 1:

Let me guess - PCI?

What you really want is to look at Red Hat's CVE archives (which CentOS is based on) and verify whether the vulnerability has been fixed based on that list (most of the time, it has been). If you are using a third-party scanner that doesn't recognize your current version, look up the OVAL definitions to see the status of the vulnerabilities as well as whether the fixes were backported; from there, you can map them to the current "generic" versions of your applications / libraries (in this case, OpenSSL).

Red Hat's link (which CentOS references) gives more details on their backports policy. You may want to review it and save yourself the trouble of rebuilding OpenSSL.
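An added example (not part of either answer) of the check described above: a POSIX shell function that scans `rpm -q --changelog` output for a CVE id and reports the package release that introduced the backported fix, so you compare that against the installed release rather than the unchanged upstream version string. The changelog text and the CVE ids in it are constructed placeholders, not real advisories.

```shell
#!/bin/sh
# Added example: RHEL/CentOS backport fixes without bumping the upstream
# version (openssl-0.9.8e stays 0.9.8e), so the evidence of a fix lives in
# the package changelog and release number, not in "openssl version".
#
# Real usage:  rpm -q --changelog openssl | cve_fixed_in CVE-XXXX-NNNN
# Installed:   rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssl

# Read an rpm changelog on stdin; print the release (e.g. 0.9.8e-12) of the
# OLDEST entry mentioning the CVE. rpm prints newest entries first, so the
# last match seen is the release that first carried the fix. Exit 1 if the
# CVE is not mentioned at all.
cve_fixed_in() {
    awk -v cve="$1" '
        /^\* / { rel = $NF; next }       # entry header: last field is version-release
        index($0, cve) { found = rel }   # body line naming the CVE; keep overwriting
        END { if (found == "") exit 1; print found }
    '
}

# Constructed sample changelog (placeholder maintainer, dates and CVE ids).
# Note the newest entry also mentions CVE-0000-0001 in a follow-up fix; the
# function still reports 0.9.8e-12, the release that introduced the fix.
SAMPLE_CHANGELOG='* Mon Jan 04 2010 Example Maintainer <maint@example.com> 0.9.8e-13
- fix CVE-0000-0002 (constructed placeholder)
- regression fix related to CVE-0000-0001

* Mon Jun 01 2009 Example Maintainer <maint@example.com> 0.9.8e-12
- fix CVE-0000-0001 (constructed placeholder)

* Mon Jan 05 2009 Example Maintainer <maint@example.com> 0.9.8e-7
- rebuild'

# Convenience wrapper for the embedded sample so the check runs offline.
sample_fixed_in() {
    printf '%s\n' "$SAMPLE_CHANGELOG" | cve_fixed_in "$1"
}

sample_fixed_in CVE-0000-0001   # prints 0.9.8e-12
```

If the release printed is at or below the installed release, the fix is present even though a version-only scanner flags the host; if nothing is printed, check the OVAL definition before assuming the package is vulnerable.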

Solution 2:

Be aware that RedHat backports security fixes and such to packages and only increments the package subversion number and not the versioning of the package. Since CentOS comes directly from RedHat, I might expect the same from their packaging as well.