openSuse and open ssl 1.0.0 compliancy problem

FAH provides a V7 client installer for Debian / Mint / Ubuntu / RedHat / CentOS / Fedora. Installation on other distros may or may not be easy but if you can offer help to others, they would appreciate it.

Moderators: Site Moderators, PandeGroup

openSuse and open ssl 1.0.0 compliancy problem

Postby promeneur » Thu Oct 10, 2019 1:22 pm

folding@home is not compliant with opensuse open ssl 1.0.0 if version is > 1.0.2j

where is the problem ? in opensuse or FAH ?

i submitted the problem to opensuse team. Here is the answer of openSuse team

https://bugzilla.suse.com/show_bug.cgi?id=1152573

***************************************************************************************************************************************************
The problem is really on the side of folding@home.
They only support an old insecure version of the openssl library.

OpenSSL 1.0.2j is more than three years old (released 22 Sep 2016) and contains at least 15 unfixed security vulnerabilities (CVE).

openSUSE won't support the old library just for the sake of one package that's not even packaged in the distribution.

The solution you listed on the forums, puts your whole system at risk, as you're essentially replacing the system openssl with the obsolete 1.0.2j.

What you should do, is to urge folding@home to support an up-to-date version of the openssl library.
As the 1.0.2 branch is going out of support upstream at the end of the year, they should definitely switch to the 1.1.1 branch.
***************************************************************************************************************************************************

what fah dev can answer to this?

thanks
promeneur
 
Posts: 66
Joined: Tue Aug 07, 2012 11:59 am

Return to Q&A about unsupported distros of Linux

Who is online

Users browsing this forum: No registered users and 1 guest

cron