Sunday, November 8, 2015

Linux Upgrade OPENSSL

http://www.cyberciti.biz/faq/howto-openssl-security-update-cve20150291-cve20150204-cve20150290-cve20150207-cve20150286/


How To Patch and Protect OpenSSL Vulnerability # CVE-2015-0291 CVE-2015-0204 [ 19/March/2015 ]


How to find the openssl version on Linux?

The syntax is as follows:

Find openssl version on a CentOS/RHEL/SL/Fedora Linux

openssl version
## or ##
sudo yum list installed openssl

## how do I find out my distro version? ##
lsb_release -a
## or use ## 
cat /etc/*-release


CentOS/RHEL/Fedora Linux

Type the following yum command as the root user to patch openssl:
sudo yum clean all
To install the updates, use the yum command as follows:
sudo yum update
To only update the OpenSSL package and its dependencies, use the following yum command:
sudo yum update openssl
Sample outputs:
Loaded plugins: auto-update-debuginfo, protectbase, rhnplugin, security
This system is receiving updates from RHN Classic or RHN Satellite.
Setting up Update Process
epel-debuginfo/metalink                                  |  13 kB     00:00
rhel-x86_64-server-6                                     | 1.5 kB     00:00
rhel-x86_64-server-6/primary                             |  21 MB     00:05
rhel-x86_64-server-6                                                14680/14680
rhel-x86_64-server-6-debuginfo                           | 1.3 kB     00:00
rhel-x86_64-server-6-debuginfo/primary                   | 1.1 MB     00:00
rhel-x86_64-server-6-debuginfo                                        5939/5939
rhel-x86_64-server-optional-6                            | 1.5 kB     00:00
rhel-x86_64-server-optional-6/primary                    | 2.0 MB     00:00
rhel-x86_64-server-optional-6                                         8239/8239
rhel-x86_64-server-optional-6-debuginfo                  | 1.3 kB     00:00
rhel-x86_64-server-optional-6-debuginfo/primary          | 681 kB     00:00
rhel-x86_64-server-optional-6-debuginfo                               3571/3571
0 packages excluded due to repository protections
Resolving Dependencies
--> Running transaction check
---> Package openssl.x86_64 0:1.0.1e-30.el6_6.5 will be updated
--> Processing Dependency: openssl = 1.0.1e-30.el6_6.5 for package: openssl-devel-1.0.1e-30.el6_6.5.x86_64
---> Package openssl.x86_64 0:1.0.1e-30.el6_6.7 will be an update
--> Running transaction check
---> Package openssl-devel.x86_64 0:1.0.1e-30.el6_6.5 will be updated
---> Package openssl-devel.x86_64 0:1.0.1e-30.el6_6.7 will be an update
--> Finished Dependency Resolution
 
Dependencies Resolved
 
================================================================================
 Package          Arch      Version               Repository               Size
================================================================================
Updating:
 openssl          x86_64    1.0.1e-30.el6_6.7     rhel-x86_64-server-6    1.5 M
Updating for dependencies:
 openssl-devel    x86_64    1.0.1e-30.el6_6.7     rhel-x86_64-server-6    1.2 M
 
Transaction Summary
================================================================================
Upgrade       2 Package(s)
 
Total download size: 2.7 M
Is this ok [y/N]: n
Exiting on user Command
[root@txvip1 ~]#
[root@txvip1 ~]# yum update openssl
Loaded plugins: auto-update-debuginfo, protectbase, rhnplugin, security
This system is receiving updates from RHN Classic or RHN Satellite.
Setting up Update Process
0 packages excluded due to repository protections
Resolving Dependencies
--> Running transaction check
---> Package openssl.x86_64 0:1.0.1e-30.el6_6.5 will be updated
--> Processing Dependency: openssl = 1.0.1e-30.el6_6.5 for package: openssl-devel-1.0.1e-30.el6_6.5.x86_64
---> Package openssl.x86_64 0:1.0.1e-30.el6_6.7 will be an update
--> Running transaction check
---> Package openssl-devel.x86_64 0:1.0.1e-30.el6_6.5 will be updated
---> Package openssl-devel.x86_64 0:1.0.1e-30.el6_6.7 will be an update
--> Finished Dependency Resolution
 
Dependencies Resolved
 
============================================================================================
 Package             Arch         Version                  Repository                  Size
============================================================================================
Updating:
 openssl             x86_64       1.0.1e-30.el6_6.7        rhel-x86_64-server-6       1.5 M
Updating for dependencies:
 openssl-devel       x86_64       1.0.1e-30.el6_6.7        rhel-x86_64-server-6       1.2 M
 
Transaction Summary
============================================================================================
Upgrade       2 Package(s)
 
Total download size: 2.7 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): openssl-1.0.1e-30.el6_6.7.x86_64.rpm                          | 1.5 MB     00:00
(2/2): openssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm                    | 1.2 MB     00:00
--------------------------------------------------------------------------------------------
Total                                                       6.4 MB/s | 2.7 MB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : openssl-1.0.1e-30.el6_6.7.x86_64                                         1/4
  Updating   : openssl-devel-1.0.1e-30.el6_6.7.x86_64                                   2/4
  Cleanup    : openssl-devel-1.0.1e-30.el6_6.5.x86_64                                   3/4
  Cleanup    : openssl-1.0.1e-30.el6_6.5.x86_64                                         4/4
  Verifying  : openssl-1.0.1e-30.el6_6.7.x86_64                                         1/4
  Verifying  : openssl-devel-1.0.1e-30.el6_6.7.x86_64                                   2/4
  Verifying  : openssl-1.0.1e-30.el6_6.5.x86_64                                         3/4
  Verifying  : openssl-devel-1.0.1e-30.el6_6.5.x86_64                                   4/4
 
Updated:
  openssl.x86_64 0:1.0.1e-30.el6_6.7
 
Dependency Updated:
  openssl-devel.x86_64 0:1.0.1e-30.el6_6.7
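
In the sample output above, the old and new packages are both 1.0.1e and differ only in the release field (el6_6.5 vs el6_6.7), so the check has to compare the package release. The script below is an added example, not part of the original article: `rpm_vercmp` and `openssl_pkg_patched` are hypothetical helper names, the comparison is a simplified version of rpm's ordering, and the target release is the one the sample output upgrades to.

```shell
#!/bin/sh
# Added example (not from the original article).
# rpm_vercmp A B -> prints -1, 0 or 1. Simplified rpm-style ordering:
# digit runs compare numerically, letter runs as strings, digits beat
# letters, extra segments win. Epochs and "~" are not handled.
rpm_vercmp() {
    awk -v a="$1" -v b="$2" '
    function seg(s, out,   n) {
        n = 0
        while (match(s, /[0-9]+|[A-Za-z]+/)) {
            out[++n] = substr(s, RSTART, RLENGTH)
            s = substr(s, RSTART + RLENGTH)
        }
        return n
    }
    BEGIN {
        split("", A); split("", B)
        na = seg(a, A); nb = seg(b, B)
        for (i = 1; i <= na && i <= nb; i++) {
            x = A[i]; y = B[i]
            xn = (x ~ /^[0-9]/); yn = (y ~ /^[0-9]/)
            if (xn != yn) { print (xn ? 1 : -1); exit }
            if (xn) { x += 0; y += 0 }
            if (x < y) { print -1; exit }
            if (x > y) { print 1; exit }
        }
        r = (na > nb) - (na < nb); print r
    }'
}

# Release that the sample yum output on this page upgrades to.
FIXED_RELEASE="1.0.1e-30.el6_6.7"

# openssl_pkg_patched [VERSION-RELEASE] -> exit 0 if at or above FIXED_RELEASE.
# With no argument, asks rpm for the installed openssl package.
openssl_pkg_patched() {
    installed="${1:-$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssl | head -n 1)}"
    [ "$(rpm_vercmp "$installed" "$FIXED_RELEASE")" -ge 0 ]
}

# Query the live system only when asked to: sh check_openssl.sh --check
if [ "${1:-}" = "--check" ]; then
    if openssl_pkg_patched; then echo "openssl: patched"; else echo "openssl: update needed"; fi
fi
```

A plain string comparison would rank a release ending in `6_6.10` below `6_6.7`; comparing digit runs numerically avoids that.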
 
 

Do I need to reboot my server/laptop/computer powered by Linux?

Short answer: yes, you need to reboot your computer/server for all the necessary changes to take effect. Sysadmins should plan on updating as soon as possible or use a maintenance reboot window:
sudo reboot
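
Until the reboot, processes started before the update keep the replaced library mapped, which shows up as a `(deleted)` libssl or libcrypto entry in `/proc/PID/maps`. The script below is an added example, not part of the original article, that lists those processes. The function names and the `--scan` switch are hypothetical, and the optional directory argument exists so the check can be run against a saved copy of `/proc`.

```shell
#!/bin/sh
# Added example (not from the original article).
# maps_has_stale_openssl FILE -> exit 0 if FILE (in /proc/PID/maps format)
# contains a libssl or libcrypto mapping whose file was replaced on disk.
maps_has_stale_openssl() {
    grep -Eq '/lib(ssl|crypto)[^/]* \(deleted\)$' "$1"
}

# stale_openssl_pids [PROC_ROOT] -> prints "PID COMMAND" for every process
# still running on the pre-update library. PROC_ROOT defaults to /proc.
stale_openssl_pids() (
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip unmatched globs and processes we may not inspect.
        [ -r "$maps" ] || continue
        if maps_has_stale_openssl "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            pid="${pid##*/}"
            printf '%s %s\n' "$pid" "$(cat "$proc_root/$pid/comm" 2>/dev/null)"
        fi
    done
)

# Scan the live system only when asked to: sudo sh stale_openssl.sh --scan
if [ "${1:-}" = "--scan" ]; then
    stale_openssl_pids
fi
```

Run it as root so that every process's maps file is readable; an empty result after the reboot means nothing is still using the old library.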
