Unable to update CentOS 6.5 & OpenSSL

af-at-work asked:

When trying to update OpenSSL on CentOS I am getting some odd errors.

#rpm -qi openssl-libs
Name        : openssl-libs                 Relocations: (not relocatable)
Version     : 1.0.1e                            Vendor: (none)
Release     : 19.el6                        Build Date: Thu 02 Jan 2014 07:35:50 PM UTC
Install Date: Thu 02 Jan 2014 07:42:06 PM UTC      Build Host: xxxxxx
Group       : System Environment/Libraries   Source RPM: openssl-1.0.1e-19.el6.src.rpm
Size        : 2668401                          License: OpenSSL
Signature   : (none)
URL         : http://www.openssl.org/
Summary     : A general purpose cryptography library with TLS implementation
Description :
OpenSSL is a toolkit for supporting cryptography. The openssl-libs
package contains the libraries that are used by various applications which
support cryptographic algorithms and protocols.

# yum info openssl
Loaded plugins: aliases, replace, security
Installed Packages
Name        : openssl
Arch        : x86_64
Version     : 1.0.1e
Release     : 16.el6_5.4
Size        : 4.0 M
Repo        : installed
Summary     : A general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
            : machines. OpenSSL includes a certificate management tool and shared
            : libraries which provide various cryptographic algorithms and
            : protocols.

Available Packages
Name        : openssl
Arch        : i686
Version     : 1.0.1e
Release     : 30.el6_5.2
Size        : 1.5 M
Repo        : updates
Summary     : A general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
            : machines. OpenSSL includes a certificate management tool and shared
            : libraries which provide various cryptographic algorithms and
            : protocols.

Name        : openssl
Arch        : x86_64
Version     : 1.0.1e
Release     : 30.el6_5.2
Size        : 1.5 M
Repo        : updates
Summary     : A general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
            : machines. OpenSSL includes a certificate management tool and shared
            : libraries which provide various cryptographic algorithms and
            : protocols.

#openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Wed Jan  8 18:40:59 UTC 2014
platform: linux-x86_64
options:  bn(64,64) md2(int) rc4(8x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) 
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/etc/pki/tls"
engines:  dynamic 

But when I try and run yum to update it there are conflicts:

#yum -y install openssl
Loaded plugins: aliases, replace, security
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package openssl.x86_64 0:1.0.1e-16.el6_5.4 will be updated
---> Package openssl.x86_64 0:1.0.1e-30.el6_5.2 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================
 Package              Arch                Version                           Repository            Size
=======================================================================================================
Updating:
 openssl              x86_64              1.0.1e-30.el6_5.2                 updates              1.5 M

Transaction Summary
=======================================================================================================
Upgrade       1 Package(s)

Total size: 1.5 M
Downloading Packages:
Running rpm_check_debug
Running Transaction Test


Transaction Check Error:
  file /usr/lib64/libcrypto.so.1.0.1e from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64
  file /usr/lib64/libssl.so.1.0.1e from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64
  file /usr/lib64/openssl/engines/lib4758cca.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64
  file /usr/lib64/openssl/engines/libaep.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64
  file /usr/lib64/openssl/engines/libatalla.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64
  file /usr/lib64/openssl/engines/libcapi.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64
  file /usr/lib64/openssl/engines/libchil.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64
  file /usr/lib64/openssl/engines/libcswift.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64
  file /usr/lib64/openssl/engines/libgmp.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64
  file /usr/lib64/openssl/engines/libnuron.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64
  file /usr/lib64/openssl/engines/libpadlock.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64
  file /usr/lib64/openssl/engines/libsureware.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64
  file /usr/lib64/openssl/engines/libubsec.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64

Any help on how to correct this??

UPDATE

Using @Michael’s suggestion, I was able to update OpenSSL.

Installed Packages
Name        : openssl
Arch        : x86_64
Version     : 1.0.1e
Release     : 30.el6_5.2
Size        : 4.0 M
Repo        : installed
From repo   : updates

My answer:


You have a package openssl-libs installed on your system, but its provenance is highly questionable. No such binary package was distributed for EL6, as far as I know. While there was a package split, it applies to EL7 only.

To resolve this, you’ll need to remove the questionable openssl-libs package and update the openssl package at the same time. For this you can use yum shell.

# yum shell
> remove openssl-libs
> update openssl
> run

Before you do that, you may want to look at the information for that suspicious package to see if you can identify where it might have come from. Having such packages on the system may be an indication of compromise.

rpm -qi openssl-libs

The information you posted about this package confirms that it isn’t an official package but says nothing about where it came from. You almost certainly want to get rid of it immediately, and initiate a security incident, treating the system as potentially compromised.
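An added example, not part of the original answer: one way to sweep the whole RPM database for other packages that, like the openssl-libs package above, carry no signature. The function names, the sample lines and the all-zero key ID are constructed for illustration; the query tags are standard rpm ones.

```shell
#!/bin/sh
# Added example: list installed RPMs that carry no PGP/GPG signature.
# On a live system:  rpm -qa --qf "$RPM_QF" | flag_unsigned
RPM_QF='%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}|%{VENDOR}|%{SIGPGP:pgpsig}|%{SIGGPG:pgpsig}|%{BUILDHOST}\n'

# Reads RPM_QF-formatted lines on stdin and prints one line per unsigned
# package, with the vendor and build host to help trace where it came from.
flag_unsigned() {
    awk -F'|' '
        NF != 5 { next }                 # skip lines that do not match RPM_QF
        $1 ~ /^gpg-pubkey-/ { next }     # imported keys are pseudo-packages, never signed
        $3 == "(none)" && $4 == "(none)" {
            printf "%s vendor=%s buildhost=%s\n", $1, $2, $5
        }'
}

# Constructed sample of what the query could print on the system in the
# question. The openssl-libs values (vendor, signature, build host) are the
# ones shown on the page; the signed line and its key ID are placeholders.
sample_rpm_output() {
    cat <<'EOF'
openssl-1.0.1e-16.el6_5.4.x86_64|CentOS|RSA/SHA1, Wed 01 Jan 2014 12:00:00 PM UTC, Key ID 0000000000000000|(none)|build.example.org
openssl-libs-1.0.1e-19.el6.x86_64|(none)|(none)|(none)|xxxxxx
gpg-pubkey-00000000-00000000.(none)|(none)|(none)|(none)|localhost
EOF
}

sample_rpm_output | flag_unsigned
```

Locally built packages also appear unsigned, so treat each hit as something to explain rather than as proof of compromise.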


View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.