yum and openssl disagree on currently installed version in Centos 6.5

yum openssl centos

5,055

I might be mistaken but what I see is the same version ?

you have openssl.x86_64 1.0.1e-16.6_5.7 installed

and your openssl reports the same version : OpenSSL 1.0.1e-fips 11 Feb 2013

5,055

bschlueter

I've been coding regularly since I began high school and was introduced to logic, the procedural paradigm, and data structures with Pascal and an amusing robot named Karel. I was then taught Java, so as to please the AP overseers, and found respite in Python. I have been developing my knowledge since that time, furthering my knowledge of Python, and learning bits of Javascript, Ruby, Bash, PHP, Haskell, Erlang, Go, C and everything else I run into along the way. Day to day, I use Vagrant, Ansible, and bash, and live in Zsh with Zprezto inside of Tmux, using Vim for editing.

Updated on September 18, 2022

Comments

bschlueter almost 2 years

I'm attempting to ensure that we are using the most recent openssl version on Centos 6.5, and yum reports that we are, but openssl continues to report that its version is an older one:

[vagrant@centos-65-developer ~]$ sudo yum list openssl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.trouble-free.net
 * extras: mirrors.gigenet.com
 * rpmforge: fr2.rpmfind.net
 * updates: centos.sonn.com
Installed Packages
openssl.x86_64                      1.0.1e-16.6_5.7                   @updates

Available Packages
openssl.i686                        1.0.1e-16.el6_5.7                 updates

[vagrant@centos-65-developer ~]$ openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Apr  8 02:39:29 UTC 2014
platform: linux-x86_64
options:  bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/etc/pki/tls"
engines:  dynamic

Does Centos' openssl always report incorrectly, or is this machine truly running the old version (1.0.1e-fips)?

mleonard about 10 years

You can also see that your openssl was built yesterday ("Tue Apr 8 02:39:29 UTC 2014"), so you really have the most recent package. Most probably, CentOS, similar to other distributors, just patched the 1.0.1e release instead of pushing an upgrade to 1.0.1g.

bschlueter about 10 years

You're not looking at the whole version. Yum reports 1.0.1e-16.6_5.7 and openssl reports 1.0.1e-fips.
bschlueter about 10 years

Okay, cool, between this and the build time, I'm confident in the update. The reason I was concerned was because the rpm release 16.6_5.7 is a patched version of openssl for the heartbleed bug, but is still the same openssl version as the prior, broken version, release 16.e16_5.4.
bschlueter about 10 years

The issue was the build version, not the architecture. I manually ran yum update openssl to get the current version, and openssl's version reporting threw me off.