[CentOS] Openssl vulnerability

James Hogarth james.hogarth at gmail.com
Thu May 12 08:37:45 UTC 2016


On 12 May 2016 at 09:28, <aswathi.ok at accenture.com> wrote:

> Hi Team,
>
> I have a CentOS 7 server running openssl version
> openssl-1.0.1e-51.el7_2.4.x86_64. I have received a set of vulnerabilities
> from the security team. Can anyone tell me, as per the CVEs below, do I need
> to update my openssl version to 1.0.1t? Or is the current version we have safe?
>
> CVE-2016-0701, CVE-2015-3197
>
> CVE-2015-4000
>
> CVE-2015-0204
>
> CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209,
> CVE-2015-0288
>
> CVE-2015-0292, CVE-2014-8176
>
>
>
>
Send them this link about RHEL backports - 1.0.1t won't be in EL7.

https://access.redhat.com/security/updates/backporting

You can check the CVE database here to see what RH has to say about an
issue and if it affects them:

https://access.redhat.com/security/security-updates/#/

Also don't underestimate the power of rpm -q --changelog <packagename> |
grep <CVE-issue> ;)
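
An added example, not part of the original message: the rpm -q --changelog | grep check from the reply, looped over a list of CVE IDs. The function names and the sample changelog are constructed for illustration; the sample is not real output from any package.

```shell
#!/bin/sh
# Added example: report which CVE IDs are mentioned in a package changelog.

# Constructed sample in the layout `rpm -q --changelog` prints.
SAMPLE_CHANGELOG='* Fri Jan 01 2016 Example Packager <packager@example.com> 1.0-2
- fix CVE-2015-3197 - example entry
- fix CVE-2015-4000, CVE-2015-0204 - example entry
* Thu Jan 01 2015 Example Packager <packager@example.com> 1.0-1
- initial build'

# check_cves CVE-ID...
# Reads changelog text on stdin and prints one line per ID:
# "<CVE-ID> listed" or "<CVE-ID> not-listed".
check_cves() {
    cc_text=$(cat)
    for cc_id in "$@"; do
        # -F: literal match; -w: whole word, so a truncated ID
        # cannot match a longer one.
        if printf '%s\n' "$cc_text" | grep -qwF -- "$cc_id"; then
            printf '%s listed\n' "$cc_id"
        else
            printf '%s not-listed\n' "$cc_id"
        fi
    done
}

# check_package PACKAGE CVE-ID...
# Same check against the changelog of the installed package.
check_package() {
    cp_pkg=$1
    shift
    rpm -q --changelog "$cp_pkg" | check_cves "$@"
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_CHANGELOG" | check_cves CVE-2015-3197 CVE-2016-0701
```

On a real host, call check_package with the package name and the CVE IDs from the scan report. A "not-listed" result only means the changelog does not mention the ID; whether the package was ever affected is what the Red Hat CVE database linked above answers.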


