Hallo Andreas,
>> # yum downgrade openssl\*
>> and will get the 1.0.0-27 from EMI third-party repository. With the
>> condition that emi2/3-third-party reopsitories have the same priority as
>> the sl-security repository (usually priority=1).
>
> an alternative is to install yum-plugin-versionlock and then:
>
> [root@lcg-cream ~]# cat /etc/yum/pluginconf.d/versionlock.list
> 0:openssl-devel-1.0.0-27.el6.x86_64
> 0:openssl-1.0.0-27.el6.x86_64
>
> But this is a real mess - we are currently in the situation to either
> run an insecure service [...]
How important is the security issue with 1.0.0-27 for our services?
|