Re: Openssl vulnerability




On 05/12/2016 03:28 AM, aswathi.ok@xxxxxxxxxxxxx wrote:
> Hi Team,
> 
> I have a server running CentOS 7 with openssl version openssl-1.0.1e-51.el7_2.4.x86_64. I have received a set of vulnerabilities from the security team. Can anyone tell me whether, as per the CVEs below, I need to update my openssl version to 1.0.1t, or whether the current version we have is safe?
> 
> CVE-2016-0701, CVE-2015-3197
> 
> CVE-2015-4000
> 
> CVE-2015-0204
> 
> CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288
> 
> CVE-2015-0292, CVE-2014-8176

https://access.redhat.com/security/cve/CVE-2016-0701

Substitute the other CVE numbers for the rest, also:

https://access.redhat.com/security/cve/CVE-2015-3197

(and so on)

So, Red Hat says CVE-2016-0701 does not impact any releases (no
updates), and if you look at the CVE-2015-3197, it lists all the
applicable updates.

If you check all the CVEs in question, you can find out all your answers.

CentOS has a CentOS-announce mailing list where you can see our released
updates:

https://lists.centos.org/pipermail/centos-announce/

For example, CVE-2015-3197 lists 'RHSA-2016:0301' on '2016-03-01', so to
see if CentOS released an update .. click on the March 2016 link and
then you will see this:

https://lists.centos.org/pipermail/centos-announce/2016-March/thread.html

And on that page, you can find 2016:0301 for CentOS-6 .. it leads to
this link:

https://lists.centos.org/pipermail/centos-announce/2016-March/021712.html

So, if you have openssl-1.0.1e-42.el6_7.4 or later, it has the changes
rolled in for that CVE, etc.

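The comparison in the last step of the reply above, as an added example that is not part of the original message: a simplified form of RPM's segment-by-segment version comparison checks an installed package string against the fixed build named in the announcement, and refuses to compare builds for different major releases (the cited build is the CentOS-6 one). The installed el6 versions are constructed sample inputs, and equal epochs are assumed because `rpm -q` does not print the epoch.

```python
import re

_SEG = re.compile(r"[0-9]+|[a-zA-Z]+")

def rpmvercmp(a, b):
    """Simplified rpmvercmp: digit/letter segments compared left to right (no ~ or ^ support)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra trailing segments win

def parse_nvr(pkg):
    """Split 'name-version-release[.arch]' as printed by `rpm -q` (epoch is not shown)."""
    pkg = re.sub(r"\.(x86_64|i686|noarch)$", "", pkg)
    name, version, release = pkg.rsplit("-", 2)
    dist = re.search(r"\.(el[0-9]+)", release)
    return name, version, release, dist.group(1) if dist else None

def has_fix(installed, fixed):
    """True if `installed` is at or above the advisory's fixed build for the same release."""
    n1, v1, r1, d1 = parse_nvr(installed)
    n2, v2, r2, d2 = parse_nvr(fixed)
    if n1 != n2 or d1 != d2:
        raise ValueError(f"not comparable: {installed} vs {fixed}")
    return (rpmvercmp(v1, v2) or rpmvercmp(r1, r2)) >= 0

FIXED_EL6 = "openssl-1.0.1e-42.el6_7.4"  # from the CentOS-6 announcement cited above

if __name__ == "__main__":
    # Constructed sample inputs, except the el7 string, which is the one from the question.
    for pkg in ("openssl-1.0.1e-42.el6_7.2", "openssl-1.0.1e-48.el6_8.1.x86_64",
                "openssl-1.0.1e-51.el7_2.4.x86_64"):
        try:
            print(pkg, "->", "fixed" if has_fix(pkg, FIXED_EL6) else "needs update")
        except ValueError as e:
            print(e)
```

The el7 package from the question raises the "not comparable" error here: it has to be checked against the CentOS-7 announcement for the same advisory, not the CentOS-6 one.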

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
