Subject: | |
From: | |
Reply To: | |
Date: | Tue, 21 Feb 2017 17:35:48 +0000 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
On Mon, 20 Feb 2017, Pat Riehecky wrote:
> Synopsis: Moderate: openssl security update
> Advisory ID: SLSA-2017:0286-1
> Issue Date: 2017-02-20
> CVE Numbers: CVE-2016-8610
> CVE-2017-3731
> --
... ...
> SL6
> x86_64
> openssl-1.0.1e-48.el6_8.4.i686.rpm
> openssl-1.0.1e-48.el6_8.4.x86_64.rpm
> openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm
> openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm
> openssl-devel-1.0.1e-48.el6_8.4.i686.rpm
> openssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm
> openssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm
> openssl-static-1.0.1e-48.el6_8.4.x86_64.rpm
> i386
> openssl-1.0.1e-48.el6_8.4.i686.rpm
> openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm
> openssl-devel-1.0.1e-48.el6_8.4.i686.rpm
> openssl-perl-1.0.1e-48.el6_8.4.i686.rpm
> openssl-static-1.0.1e-48.el6_8.4.i686.rpm
This update hasn't arrived at my end yet, so I went poking:
# yum --enablerepo=sl-security --showduplicates list openssl
Loaded plugins: auto-update-debuginfo, fastestmirror, refresh-packagekit,
: security
Loading mirror speeds from cached hostfile
* elrepo: mirrors.coreix.net
* epel: www.mirrorservice.org
* epel-debuginfo: www.mirrorservice.org
* sl: ftp1.scientificlinux.org
* sl-debuginfo: ftp1.scientificlinux.org
* sl-fastbugs: ftp1.scientificlinux.org
* sl-security: ftp1.scientificlinux.org
* sl6x: ftp1.scientificlinux.org
* sl6x-fastbugs: ftp1.scientificlinux.org
* sl6x-security: ftp1.scientificlinux.org
Installed Packages
openssl.i686 1.0.1e-48.sl6_8.3 @sl-security
openssl.x86_64 1.0.1e-48.sl6_8.3 @sl-security
Available Packages
openssl.i686 1.0.1e-48.el6 sl
openssl.i686 1.0.1e-48.el6 sl6x
openssl.x86_64 1.0.1e-48.el6 sl
openssl.x86_64 1.0.1e-48.el6 sl6x
openssl.i686 1.0.1e-48.el6_8.1 sl-security
openssl.i686 1.0.1e-48.el6_8.1 sl6x-security
openssl.x86_64 1.0.1e-48.el6_8.1 sl-security
openssl.x86_64 1.0.1e-48.el6_8.1 sl6x-security
openssl.i686 1.0.1e-48.el6_8.4 sl-security
openssl.i686 1.0.1e-48.el6_8.4 sl6x-security
openssl.x86_64 1.0.1e-48.el6_8.4 sl-security
openssl.x86_64 1.0.1e-48.el6_8.4 sl6x-security
openssl.i686 1.0.1e-48.sl6_8.3 sl-security
openssl.i686 1.0.1e-48.sl6_8.3 sl6x-security
openssl.x86_64 1.0.1e-48.sl6_8.3 sl-security
openssl.x86_64 1.0.1e-48.sl6_8.3 sl6x-security
I note that the 6_8.3 versions are el..., whereas the 6_8.4 are all sl...
Of course sl6_8.3 comes after el6_8.4 so the updates are ignored :-(
I'm now confused, should they be el6... or sl6... ?
(I'm also confused about whether I should be using sl-security or
sl6-security, but that is less important).
Thanks,
--
Andrew C Aitchison
|
|
|