Re: [CentOS] Openssl vulnerability - SSL/ TLS Renegotion Handshakes

2013-08-11 Thread Eero Volotinen
nessus also supports local checks on centos for patch levels?
On Aug 11, 2013 3:04 PM, "Anumeha Prasad" wrote:
> I understood when Stephen said "Don't trust nessus scans" as I had also
> mentioned in this thread. Just that someone also mentioned in this thread
> that "Nessus should not in general

Re: [CentOS] Openssl vulnerability - SSL/ TLS Renegotion Handshakes

2013-08-11 Thread Anumeha Prasad
I understood when Stephen said "Don't trust nessus scans" as I had also mentioned in this thread. Just that someone also mentioned in this thread that "Nessus should not in general be ignored". Simply wanted to double check that before arriving at a conclusion.
Thanks
On Thu, Aug 8, 2013 at 2:24

Re: [CentOS] Openssl vulnerability - SSL/ TLS Renegotion Handshakes

2013-08-08 Thread Alexander Dalloz
On 08.08.2013 09:04, Anumeha Prasad wrote:
> Thanks for the update.
>
> I'd updated most of my rpms to CentOS 5.9. I'd even updated openssl
> to openssl-0.9.8e-22.el5_8.4 (though now the latest version
> is openssl-0.9.8e-26.el5_9.1). My concern is that even upgrading openssl to
> version ope

Re: [CentOS] Openssl vulnerability - SSL/ TLS Renegotion Handshakes

2013-08-08 Thread Anumeha Prasad
disclaimer is not here: > I am not a contracting officer. I do not have authority to make or > modify the terms of any contract. > > > > -Original Message- > > From: Anumeha Prasad [mailto:anumeha.pra...@gmail.com] > > Sent: Tuesday, August 06, 2013 7:18 > >

Re: [CentOS] Openssl vulnerability - SSL/ TLS Renegotion Handshakes

2013-08-06 Thread Denniston, Todd A CIV NAVSURFWARCENDIV Crane
gmail.com]
> Sent: Tuesday, August 06, 2013 7:18
> To: CentOS mailing list
> Subject: Re: [CentOS] Openssl vulnerability - SSL/ TLS Renegotion
> Handshakes
>
> Thank You.
>
> "Support for RFC 5746 in OpenSSL was introduced upstream in version
> 0.9.8m" &

Re: [CentOS] Openssl vulnerability - SSL/ TLS Renegotion Handshakes

2013-08-06 Thread Anumeha Prasad
Thank You. "Support for RFC 5746 in OpenSSL was introduced upstream in version 0.9.8m" mentioned in the Redhat article made me think that I would require this version. Stephen, as per what you explained, I should be fine with openssl-0.9.8e-22.el5. Right? So, can the vulnerability reported by Ness

Re: [CentOS] Openssl vulnerability - SSL/ TLS Renegotion Handshakes

2013-08-06 Thread Stephen Harris
On Tue, Aug 06, 2013 at 04:01:12PM +0530, Anumeha Prasad wrote:
> Hi,
>
> I'm currently at CentOS 5.8. I'm using openssl version
> openssl-0.9.8e-22.el5. The following vulnerability was reported by a Nessus
> security scan:
Don't trust Nessus scans
> As per following link, Redhat has introduced

Re: [CentOS] Openssl vulnerability - SSL/ TLS Renegotion Handshakes

2013-08-06 Thread John R. Dennison
On Tue, Aug 06, 2013 at 04:01:12PM +0530, Anumeha Prasad wrote:
> Hi,
>
> I'm currently at CentOS 5.8. I'm using openssl version
Current is 5.9. Update.
> openssl-0.9.8e-22.el5. The following vulnerability was reported by a Nessus
Current openssl is 0.9.8e-26. Again update.