On a fully updated CentOS 7 system:
# which openssl
# ls -l /usr/bin/openssl
-rwxr-xr-x. 1 root root 508680 Jun 29 13:48 /usr/bin/openssl
# rpm -qa | grep openssl
Which contains this security patch (and a later bugfix):
I suspect you're looking in the wrong place.
Does Virusscan for Linux use statically linked libraries, perhaps, or loads them from somewhere in the product's directory tree?
Hi, thanks for the reply. I've ran the above mentioned commands and getting the exact same results, but version shown is 1.0.1e not 1.0.1m.
[root@testvm ~]# which openssl
[root@testvm ~]# ls -l /usr/bin/openssl
-rwxr-xr-x. 1 root root 508656 Jun 17 2014 /usr/bin/openssl
[root@testvm ~]# rpm -qa | grep openssl
As Patch was applied successfully, openssl version should be upgraded to 1.0.1m as per release notes.
Sorry I'm lost about the linked libraries. How can I verify that?
The Linux command ldd is what you need to use.
I don't have virusscan for Linux installed anywhere to check for myself.
Hi, I don't have knowledge about ldd, but I was able to run following commands:
root@testvm ~]# ldd $(which ssh) | grep libssl
libssl3.so => /lib64/libssl3.so (0x00007f16e1a80000)
[root@testvm ~]# ldconfig -p | grep libssl
libssl3.so (libc6,x86-64) => /lib64/libssl3.so
libssl.so.10 (libc6,x86-64) => /lib64/libssl.so.10
I still can't find any info related to OpenSSL version 1.0.1m stated in HF release notes.
Can someone please help.
You need to run ldd against the virusscan executable.
Or be pragmatic and accept what McAfee says about the hotfix.
Hint, it's a hotfix for Virusscan for linux, not your OS, so is unlikely to touch any of the OS-installed components.