我正在尝试将 OpenSSL 从 0.9.8w 升级到 0.9.8y,以修复以下安全漏洞:CVE-2012-2333、CVE-2013-0166、CVE-2013-0169。
升级时我遇到了以下依赖关系错误,如能提供任何见解,将不胜感激。
[root@CAM store]# openssl version
OpenSSL 0.9.8w 23 Apr 2012
[root@CAM store]# rpm -qa | grep openssl
openssl-0.9.8e-22.el5
openssl-0.9.8w-1
[root@CAM store]# rpm -Uvh openssl-0.9.8y-1.i386.rpm
error: Failed dependencies:
libcrypto.so.6 is needed by (installed) m2crypto-0.16-8.el5.i386
libcrypto.so.6 is needed by (installed) python-libs-2.4.3-46.el5.i386
libcrypto.so.6 is needed by (installed) openldap-2.3.43-25.el5.i386
libcrypto.so.6 is needed by (installed) net-snmp-libs-5.3.2.2-17.el5.i386
libcrypto.so.6 is needed by (installed) postgresql-libs-8.1.23-1PGDG.rhel5.i386
libcrypto.so.6 is needed by (installed) bind-libs-9.3.6-20.P1.el5.i386
libcrypto.so.6 is needed by (installed) curl-7.15.5-15.el5.i386
libcrypto.so.6 is needed by (installed) libnasl2-2.2.11-27.el5.i386
libcrypto.so.6 is needed by (installed) nmap-4.11-2.i386
libcrypto.so.6 is needed by (installed) wget-1.11.4-2.el5_4.1.i386
libcrypto.so.6 is needed by (installed) nessus-server-2.2.11-27.el5.i386
libcrypto.so.6 is needed by (installed) cyrus-sasl-2.1.22-5.el5_4.3.i386
libcrypto.so.6 is needed by (installed) bind-utils-9.3.6-20.P1.el5.i386
libcrypto.so.6 is needed by (installed) neon-0.25.5-10.el5_4.1.i386
libcrypto.so.6 is needed by (installed) openldap-clients-2.3.43-25.el5.i386
libcrypto.so.6 is needed by (installed) cyrus-sasl-md5-2.1.22-5.el5_4.3.i386
libcrypto.so.6 is needed by (installed) stunnel-4.15-2.el5.1.i386
libcrypto.so.6 is needed by (installed) distcache-1.4.5-14.1.i386
libcrypto.so.6 is needed by (installed) tcpdump-3.9.4-15.el5.i386
libcrypto.so.6 is needed by (installed) ntp-4.2.2p1-15.el5.centos.1.i386
libcrypto.so.6 is needed by (installed) net-snmp-5.3.2.2-17.el5.i386
libcrypto.so.6 is needed by (installed) fipscheck-1.2.0-1.el5.i386
libcrypto.so.6 is needed by (installed) net-snmp-utils-5.3.2.2-17.el5.i386
libcrypto.so.6 is needed by (installed) postgresql-8.1.23-1PGDG.rhel5.i386
libcrypto.so.6 is needed by (installed) postgresql-server-8.1.23-1PGDG.rhel5.i386
libcrypto.so.6 is needed by (installed) postgresql-contrib-8.1.23-1PGDG.rhel5.i386
libcrypto.so.6 is needed by (installed) cavium-1.0-7.i386
libssl.so.6 is needed by (installed) m2crypto-0.16-8.el5.i386
libssl.so.6 is needed by (installed) python-libs-2.4.3-46.el5.i386
libssl.so.6 is needed by (installed) openldap-2.3.43-25.el5.i386
libssl.so.6 is needed by (installed) postgresql-libs-8.1.23-1PGDG.rhel5.i386
libssl.so.6 is needed by (installed) curl-7.15.5-15.el5.i386
libssl.so.6 is needed by (installed) libnasl2-2.2.11-27.el5.i386
libssl.so.6 is needed by (installed) nmap-4.11-2.i386
libssl.so.6 is needed by (installed) wget-1.11.4-2.el5_4.1.i386
libssl.so.6 is needed by (installed) nessus-server-2.2.11-27.el5.i386
libssl.so.6 is needed by (installed) neon-0.25.5-10.el5_4.1.i386
libssl.so.6 is needed by (installed) quota-3.13-5.el5.i386
libssl.so.6 is needed by (installed) openldap-clients-2.3.43-25.el5.i386
libssl.so.6 is needed by (installed) stunnel-4.15-2.el5.1.i386
libssl.so.6 is needed by (installed) distcache-1.4.5-14.1.i386
libssl.so.6 is needed by (installed) postgresql-8.1.23-1PGDG.rhel5.i386
libssl.so.6 is needed by (installed) postgresql-server-8.1.23-1PGDG.rhel5.i386
libssl.so.6 is needed by (installed) postgresql-contrib-8.1.23-1PGDG.rhel5.i386
谢谢,Vetrichelvan.G
答案1
我不知道您是从哪里得到该 RPM 的(因为您没有告诉我们),但在这次升级之前,您的系统就已经存在问题了:
[root@CAM store]# rpm -qa | grep openssl
openssl-0.9.8e-22.el5
openssl-0.9.8w-1
除了 Red Hat 提供的 RPM(openssl-0.9.8e-22.el5)之外,有人还把第二个 OpenSSL RPM(openssl-0.9.8w-1)强行安装到了您的系统上,这很可能是此前为应对某个 OpenSSL 问题而采取的错误做法。
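要保持安全修补,您并不需要提升 OpenSSL 的上游版本号。您需要移除这个来历不明的非发行版软件包,并持续应用 Red Hat 为 EL5 发布的更新(只要 EL5 仍在支持期内)。这样,您的 openssl-0.9.8e 软件包就会一直保持修补状态:OpenSSL 的版本号不会改变,改变的是 RPM 的发行号(release)。如需确认某个 CVE 是否已在已安装的软件包中得到修复,通常可以查看软件包的变更日志,例如 `rpm -q --changelog openssl | grep CVE-2013-0169`,而不要仅凭 `openssl version` 输出的版本号来判断。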
您可能会发现,这个答案进一步说明了 Red Hat 是如何通过反向移植(backport)补丁来修复漏洞,而不是不断提高应用程序版本号的。