On Jul 22, 2014, at 09:17 , Venkata Golla <venkata.go...@eai.ae> wrote:

> Dear,
> 
> We have already contacted the OS vendor (Oracle Linux) and Symantec (SSL
> certificate vendor). They both said it is out of their scope.
> And we tried to install by following the README; unfortunately it's not working.
> 
> Who can assist us on this? Thanks.

I believe this is the wrong mailing list for this question.

However, the proper answer is probably that you should _not_ build openssl
yourself, but instead update to the most current OpenSSL version provided by
the Linux distribution you're using. Then verify that the alleged security
vulnerabilities are indeed fixed, then close this issue as a false positive.
You can check the release notes for the installed openssl package with

rpm -q --changelog openssl

and if you have the most recent package installed, it should have
a fix for CVE-2014-0224, e.g.:

* Wed Jun 04 2014 Tomas Mraz <tm...@redhat.com> 0.9.8e-27.3
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability

This one is part of RHEL 5.10, I have no idea how or when Oracle
tracks those changes, much less if they backport anything to 5.7.

rainer
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
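
The changelog check described in the reply above, as an added example that is not part of the original message: a shell function that reads `rpm -q --changelog` output and prints the header of each changelog entry that mentions a given CVE, which is how a backported fix is confirmed when the upstream version number alone would flag the package. The function names and the second, constructed changelog entry are assumptions for illustration.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not from the original message.

# cve_fix_entry CVE-ID
# Reads `rpm -q --changelog <pkg>` output on stdin and prints the header line
# ("* date packager version-release") of every entry whose body mentions
# CVE-ID. Exit status is 0 if at least one entry matched, 1 otherwise.
cve_fix_entry() {
    awk -v cve="$1" '
        # A line starting with "* " opens a new changelog entry.
        /^\* / { header = $0; reported = 0; next }
        # Match the id only when it is not followed by another digit, so a
        # shorter id never matches as a prefix of a longer one.
        !reported && $0 ~ (cve "([^0-9]|$)") {
            print header
            reported = 1
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Sample input: the first entry is the one quoted in the message above; the
# second entry is constructed and uses a placeholder CVE id.
sample_changelog() {
    cat <<'EOF'
* Wed Jun 04 2014 Tomas Mraz <tm...@redhat.com> 0.9.8e-27.3
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability

* Mon Jan 06 2014 Example Packager <packager@example.invalid> 0.9.8e-27.1
- fix for CVE-0000-0000 - constructed placeholder entry
EOF
}

# On a real host the input would come from rpm instead of the sample:
#   rpm -q --changelog openssl | cve_fix_entry CVE-2014-0224
if entry=$(sample_changelog | cve_fix_entry CVE-2014-0224); then
    echo "fix present in: $entry"
else
    echo "no changelog entry mentions the CVE"
fi
```

A non-zero exit status means no entry in the installed package's changelog mentions the id, so the package either predates the fix or the vendor does not record it there.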
