Based on my _nginx_upgrade.log, I don't see any 404 or not found phrase :).
if you get broken downloads, upgrade would of aborted before end of upgrade if upgrade completed = all okay
Redhat/CentOS bugzilla and info starting to show up OpenSSL Updates of 19 March 2015 - Red Hat Customer Portal One of the high severity CVE is CVE-2015-0291 access.redhat.com | CVE-2015-0291 Bug 1202338 – CVE-2015-0291 openssl: ClientHello sigalgs NULL pointer dereference DoS This bug doesn't affect Redhat/CentOS 5, 6 or 7 apparently ! More info at OpenSSL Updates of 19 March 2015 - Red Hat Customer Portal Red Hat Enterprise Linux 5 CVE Red Hat Enterprise Linux 5 package: openssl Red Hat Enterprise Linux 5 package: openssl097a CVE-2015-0286 not affected not affected CVE-2015-0287 deferred deferred CVE-2015-0289 deferred deferred CVE-2015-0292 deferred deferred CVE-2015-0293 deferred deferred CVE-2015-0288 deferred deferred CVE-2015-0291 not affected not affected CVE-2015-0290 not affected not affected CVE-2015-0207 not affected not affected CVE-2015-0208 not affected not affected CVE-2015-1787 not affected not affected CVE-2015-0285 not affected not affected CVE-2015-0209 not affected not affected Red Hat Enterprise Linux 6 CVE Red Hat Enterprise Linux 6 package: openssl Red Hat Enterprise Linux 6 package: openssl098e CVE-2015-0286 affected not affected CVE-2015-0287 affected deferred CVE-2015-0289 affected deferred CVE-2015-0292 affected deferred CVE-2015-0293 affected deferred CVE-2015-0288 affected deferred CVE-2015-0291 not affected not affected CVE-2015-0290 not affected not affected CVE-2015-0207 not affected not affected CVE-2015-0208 not affected not affected CVE-2015-1787 not affected not affected CVE-2015-0285 not affected not affected CVE-2015-0209 affected not affected Red Hat Enterprise Linux 7 CVE Red Hat Enterprise Linux 7 package: openssl Red Hat Enterprise Linux 7 package: openssl098e CVE-2015-0286 affected not affected CVE-2015-0287 affected deferred CVE-2015-0289 affected deferred CVE-2015-0292 affected deferred CVE-2015-0293 affected deferred CVE-2015-0288 affected deferred CVE-2015-0291 not affected not affected CVE-2015-0290 not affected not affected CVE-2015-0207 not affected not affected CVE-2015-0208 not affected not affected CVE-2015-1787 not affected not affected CVE-2015-0285 not affected not affected CVE-2015-0209 affected not affected
Nice to see CentOS was unaffected (yay CentOS!). Nevertheless, just completed the upgrade and all went well. Thanks for the easy instructions.
Heads up OpenSSL 1.0.1e-30.el6_6.7 update via YUM is available now if you didn't already use yum-cron for auto updates. Code: yum list updates -q | grep openssl openssl.x86_64 1.0.1e-30.el6_6.7 updates openssl-devel.x86_64 1.0.1e-30.el6_6.7 updates Code: rpm -qa --changelog openssl | head -n11 * Thu Mar 19 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-30.7 - update fix for CVE-2015-0287 to what was released upstream * Wed Mar 18 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-30.6 - fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey() - fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison - fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption - fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data - fix CVE-2015-0292 - integer underflow in base64 decoder - fix CVE-2015-0293 - triggerable assert in SSLv2 server To update Code: yum -y update Note: after system update you need to reboot your server to ensure all services which use OpenSSL also use the updated version.
By the way, How can I replace my entire openssl from axivo repo to the default repo? I don't care if it's not the latest stable version as long as it's always updated with security update.
Tried this command but not working. Code: # yum reinstall openssl Loaded plugins: downloadonly, fastestmirror, priorities, security Setting up Reinstall Process Loading mirror speeds from cached hostfile * base: centos.bhs.mirrors.ovh.net * epel: mirror.steadfast.net * extras: centos.bhs.mirrors.ovh.net * rpmforge: mirror.lug.udel.edu * updates: mirror.gpmidi.net 1640 packages excluded due to repository priority protections Installed package 1:openssl-1.0.1j-1.el6.x86_64 (from axivo) not available. Error: Nothing to do
I tried this command: Code: # yum install openssl-1.0.1e-30.el6_6.7 Loaded plugins: downloadonly, fastestmirror, priorities, security Setting up Install Process Loading mirror speeds from cached hostfile * base: centos.bhs.mirrors.ovh.net * epel: mirror.steadfast.net * extras: centos.bhs.mirrors.ovh.net * rpmforge: mirror.lug.udel.edu * updates: mirror.gpmidi.net 1640 packages excluded due to repository priority protections Package matching openssl-1.0.1e-30.el6_6.7.x86_64 already installed. Checking for update. Nothing to do So I have two versions of openssl installed? :?
you can try https://www.axivo.com/resources/repository-setup.1/update?update=20 but not idea if it will screw up your system as openssl is tightly integrated
Code: # yum -q list openssl* Installed Packages openssl.x86_64 1:1.0.1j-1.el6 @axivo openssl-devel.x86_64 1:1.0.1j-1.el6 @axivo openssl-libs.x86_64 1:1.0.1j-1.el6 @axivo Available Packages openssl-perl.x86_64 1.0.1e-30.el6_6.7 updates openssl-static.x86_64 1.0.1e-30.el6_6.7 updates openssl098e.x86_64 0.9.8e-18.el6_5.2 base
oh thought you were removing them using instructions at https://www.axivo.com/resources/repository-setup.1/update?update=20 to go back to CentOS packages ?