Koozali.org: home of the SME Server

OpenSSL vulnerability -- why 19 rpms?

kyle coburn

OpenSSL vulnerability -- why 19 rpms?
« on: October 22, 2002, 11:53:03 AM »
which one of these updates is essential to secure my server from the OpenSSL vulnerability. i dont want to screw with anything else. can i install these individually via the "update server" panel i installed on my server? Which ones are essential?  Why arent they in one file??? whats the easiest way to install all of them? what would the rsync commands be, in newbie terms, i have Never done this, and just started using linux, i would just leave it but i dont want my server open to attack.  
Thank you for any advise!


5.5/Update2/RPMS

    SMEServer-5.5_Update2-10.noarch.rpm
    apache-1.3.22-6es1.i386.rpm
    e-smith-base-4.10.16-01.noarch.rpm
    e-smith-blades-1.4.8-01.noarch.rpm
    e-smith-email-4.10.4-01.noarch.rpm
    e-smith-horde-1.4.13-01.noarch.rpm
    e-smith-locale-fr_CA-1.2.8-01.noarch.rpm
    e-smith-mailfront-0.2.3-01.noarch.rpm
    e-smith-manager-1.6.1-01.noarch.rpm
    e-smith-named-1.8.1-01.noarch.rpm
    e-smith-packetfilter-1.8.1-01.noarch.rpm
    e-smith-samba-1.6.3-01.noarch.rpm
    e-smith-turba-0.20.2-01.noarch.rpm
    e-smith-viewlogfiles-1.0.6-01.noarch.rpm
    initscripts-5.83-1es5.i386.rpm
    openssh-3.1p1-2es2.i386.rpm
    openssh-clients-3.1p1-2es2.i386.rpm
    openssh-server-3.1p1-2es2.i386.rpm
    openssl-0.9.6b-28.i386.rpm

Andrei

Re: OpenSSL vulnerability -- why 19 rpms?
« Reply #1 on: October 22, 2002, 01:03:37 PM »
Did you read the installation part of this upgrade? After you download these into a directory (use an ibay or something) you only have to execute 3 lines as root.

Jon Blakely

Re: OpenSSL vulnerability -- why 19 rpms?
« Reply #2 on: October 22, 2002, 03:47:07 PM »
Also if you had spent a little more time and read ALL the info you would have found that not only does this this update fix the OpenSSL vulnerability but it also fixes many of the bugs in 5.5 that have been reported and verified.

Jon

kyle coburn

Re: OpenSSL vulnerability -- why 19 rpms?
« Reply #3 on: October 23, 2002, 01:26:51 AM »
Jon i appologize for not clarifying my question, thanks your help Andrei and Jon. I understand the frustration with newbies that dont RTM. I was just confused by the installation instructions, it wasnt the step by step i am comforatable with at this point.
:)

regards,
Kyle

Ray Mitchell

Re: OpenSSL vulnerability -- why 19 rpms?
« Reply #4 on: October 23, 2002, 01:52:45 PM »
Dear Kyle
I am a begiiner also who has slowly been getting more familiar with doing things on sme servers so I appreciate where you are coming from. The instructions are pretty easy though:

To install the update, download the appropriate RPMS into a directory on your SME Server and run the following commands as root

    rpm -Uvh --replacepkgs *.rpm
    /sbin/e-smith/signal-event post-upgrade
    /sbin/e-smith/signal-event reboot

What part are you having trouble with ?
Regards
Ray Mitchell

kyle coburn

Re: OpenSSL vulnerability -- why 19 rpms?
« Reply #5 on: October 26, 2002, 09:24:39 PM »
well i uploaded all the rpms to an ibay then moved them to a new root dir, /update
then i ran the commands as root. the second command took awhile so it did somthing but it doesnt show up in the blades panel only update1 is shown. is there any way to see what went wrong? i looked in rpmlist.log

seems that the following update rpms worked
apache-1.3.22-6es1
openssh-3.1p1-2es2
openssh-clients-3.1p1-2es2
openssh-server-3.1p1-2es2


what about the other rpms?????


kyle coburn

Ray Mitchell

Re: OpenSSL vulnerability -- why 19 rpms?
« Reply #6 on: October 28, 2002, 05:58:00 AM »
Kyle
I think rpm -qa gives you a list of all rpms installed
Regards
Ray Mitchell

Ray Mitchell

Re: OpenSSL vulnerability -- why 19 rpms?
« Reply #7 on: October 28, 2002, 06:01:14 AM »
Kyle
If you instal using the blades panel then the updates are listed there, if you instal manually then they do not obviously list in the blades panel.
Regards
Ray Mitchell