[BlueOnyx:15169] Re: unable to YUM
Michael Stauber
mstauber at blueonyx.it
Thu Apr 10 22:06:28 -05 2014
Hi Adam,
> "openssl version -a" produces:
>
> OpenSSL 1.0.1e-fips 11 Feb 2013
> built on: Mon Apr 7 23:06:04 CDT 2014
Do a "rpm -q --changelog openssl|more" to take a look at the changelog
of the RPM. You'll see that it contains the fix against CVE-2014-0160.
See: https://rhn.redhat.com/errata/RHSA-2014-0376.html
The openssl-1.0.1e-16.el6_5.7 RPM was fixed by RedHat and then re-rolled
and distributed by CentOS and Scientific Linux based on the RedHat RPM.
As is policy with RedHat (and other RPM based distributions) they keep
the major version number the same during the lifetime of an OS and just
bump the release number. In this case they backported the fixes from
1.0.1g to this 1.0.1e to address the problem with CVE-2014-0160.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list