How to upgrade OpenSSL on a Linux system

Time:2021-11-23

I use CentOS. Officials currently say that the affected versions are 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a and 1.0.1. The “Heartbleed” vulnerability was fixed in OpenSSL 1.0.1g. All CentOS 6.5 systems running OpenSSL 1.0.1e (openssl-1.0.1e-16.el6_5.4) are affected. It seems that only 6.5 is affected.

Check your OpenSSL version first. The command is as follows:

   

# openssl version

Or

# openssl version -a    // the -a parameter displays more details

Or

   

# yum info openssl    // available on the Red Hat family

Ubuntu and Debian can use the following commands:

   

# dpkg-query -l 'openssl'

Well, I am running OpenSSL 1.0.1f, an affected version. What a pit. But Heartbleed is not enabled and no HTTPS access is set up, so there is no impact; I upgraded anyway.

Enter the command to upgrade the OpenSSL version:

   

# yum clean all && yum update "openssl*"    // available on the Red Hat family

    

Ubuntu and Debian can use the following commands:

   

# apt-get update
# apt-get upgrade

OpenSUSE uses the following command:

   

# zypper update

 

Make sure you have openssl-1.0.1e-16.el6_5.7 or a newer version installed. If this package is not available in the yum repository, you will have to download and install the RPM package yourself. I guess it must be there.

Why install openssl-1.0.1e-16.el6_5.7? Because this version has been fixed; see http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html
 

Then execute the following command to check which processes are still using the deleted old version of OpenSSL Library:

   

# lsof -n | grep ssl | grep DEL

If there is no output, that is normal. If there is output, you have to restart every process that is using the old version of the OpenSSL library. I am too lazy to restart them one by one, and it is only a small blog, so I restarted the server directly.

 

If possible, it is recommended to regenerate the SSL private key and change the password.

 

Note: you can also use the following command to check that the version of OpenSSL you installed has been patched, because each time a vulnerability is fixed, the package itself records this in its changelog. The command is as follows:

   

# rpm -q --changelog openssl-1.0.1e | grep -B 1 CVE-2014-0160

// CVE-2014-0160 is the identifier of this vulnerability. You can look it up on the official OpenSSL website.

Output:

* Mon Apr 07 2014 Tomáš Mráz <[email protected]> 1.0.1e-16.7
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension

This indicates that this version has fixed this vulnerability.
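The two post-upgrade checks above (the changelog entry and the processes still holding the deleted library) can be scripted. The following is an added example, not from the original post; the function names and the sample lsof and changelog lines are constructed, and on a real host you would feed in the output of `openssl version`, `rpm -q --changelog openssl` and `lsof -n`.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data below is constructed.

# Classify a host from `openssl version` output ($1) and the package changelog
# text ($2, e.g. from `rpm -q --changelog openssl`).
heartbleed_status() {
    ver=$(printf '%s\n' "$1" | awk '{ print $2 }')   # e.g. 1.0.1e-fips
    ver=${ver%%-*}                                   # drop the -fips suffix
    case "$ver" in
        1.0.1|1.0.1[a-f]) ;;                         # versions listed in the post
        *) echo "not-listed"; return 0 ;;
    esac
    # Distributions backport fixes without changing the upstream version, so a
    # patched CentOS package still reports 1.0.1e; the changelog decides.
    if printf '%s\n' "$2" | grep -q 'CVE-2014-0160'; then
        echo "patched-backport"
    else
        echo "vulnerable"
    fi
}

# Read `lsof -n` output on stdin; print "PID COMMAND" once per process that
# still maps a deleted libssl (FD column is DEL), i.e. needs a restart.
stale_ssl_procs() {
    awk '$4 == "DEL" && $NF ~ /\/libssl\.so/ { print $2, $1 }' | sort -n -u
}

# Constructed lsof lines: two nginx processes on the old library, one process
# with an unrelated deleted file, one with the library mapped normally.
SAMPLE_LSOF='nginx  1201 root  DEL REG 253,0         131456 /usr/lib64/libssl.so.1.0.1e
nginx  1207 nginx DEL REG 253,0         131456 /usr/lib64/libssl.so.1.0.1e
mysqld 1500 mysql DEL REG 253,0         140001 /tmp/ibXyz123
httpd   988 root  mem REG 253,0  449864 131999 /usr/lib64/libssl.so.1.0.1e'

SAMPLE_CHANGELOG='- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension'

heartbleed_status 'OpenSSL 1.0.1e-fips 11 Feb 2013' "$SAMPLE_CHANGELOG"
printf '%s\n' "$SAMPLE_LSOF" | stale_ssl_procs
```

A `not-listed` result only means the version string is outside the range this post names; it says nothing about other vulnerabilities.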
