On 12 May 2016 at 09:28, aswathi.ok@accenture.com wrote:
Hi Team,
I have a running CentOS 7 server with openssl version openssl-1.0.1e-51.el7_2.4.x86_64. I have received a set of vulnerabilities from the security team. Can anyone tell me, as per the CVEs below, do I need to update my openssl version to 1.0.1t? Or is the current version which we have safe?
CVE-2016-0701, CVE-2015-3197
CVE-2015-4000
CVE-2015-0204
CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288
CVE-2015-0292, CVE-2014-8176
Send them this link about RHEL backports - 1.0.1t won't be in EL7.
https://access.redhat.com/security/updates/backporting
You can check the CVE database here to see what RH has to say about an issue and if it affects them:
https://access.redhat.com/security/security-updates/#/
Also don't underestimate the power of rpm -q --changelog <packagename> | grep <CVE-issue> ;)
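
The changelog check suggested in the reply above, looped over a list of CVE IDs. This is an added example, not part of the original thread; the function names and the sample changelog entries are constructed for illustration.

```shell
#!/bin/sh
# check_cves: read an RPM changelog on stdin and, for every CVE ID passed
# as an argument, print "<CVE> mentioned" or "<CVE> not-mentioned".
check_cves() {
    changelog=$(cat)
    for cve in "$@"; do
        # -F: treat the ID as a literal string, not a regex
        # -w: whole-word match, so CVE-2015-400 does not match CVE-2015-4000
        if printf '%s\n' "$changelog" | grep -qwF -- "$cve"; then
            echo "$cve mentioned"
        else
            echo "$cve not-mentioned"
        fi
    done
}

# Constructed sample in the layout "rpm -q --changelog" prints.
# These entries are made up; they are not the real openssl changelog.
sample_changelog() {
    cat <<'EOF'
* Fri Jan 01 2016 Example Packager <packager@example.com> 1.0.1e-00
- fix CVE-2015-0204 - constructed entry
- fix CVE-2015-4000 - constructed entry
EOF
}

# Demo on the constructed sample. On a real host, replace sample_changelog
# with:  rpm -q --changelog openssl
sample_changelog | check_cves CVE-2015-0204 CVE-2015-4000 CVE-2016-0701
```

A "not-mentioned" result does not by itself mean the package is vulnerable: the issue may not affect that build at all, which is what the Red Hat CVE database lookup is for.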