On 12 May 2016 at 09:28, <aswathi.ok@xxxxxxxxxxxxx> wrote:
> Hi Team,
>
> I have a centos 7 running server with openssl version
> openssl-1.0.1e-51.el7_2.4.x86_64, I have received a set of vulnerability
> from security team, can anyone tell me as per below CVE do I need to update
> my openssl version to 1.0.1t? Or the current version which we have is safe.
>
> CVE-2016-0701, CVE-2015-3197
>
> CVE-2015-4000
>
> CVE-2015-0204
>
> CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209,
> CVE-2015-0288
>
> CVE-2015-0292, CVE-2014-8176
>
>
>
>
Send them this link about RHEL backports - 1.0.1t won't be in EL7.
https://access.redhat.com/security/updates/backporting
You can check the CVE database heer to see what RH has to say about an
issue and if it affects them:
https://access.redhat.com/security/security-updates/#/
Also don't underestimate the power of rpm -q --changelog <packagename> |
grep <CVE-issue> ;)
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
