On Tuesday, 2 April 2019 15:02:29 CEST Srinivasan T wrote:
> Hi Team,
>
> Recently we have upgraded to CentOS 7.6.1810 and the OpenSSL comes along
> with CentOS 7.6 is openssl-1.0.2k-16.el7_6.1.x86_64. We understand there
> are no updates available / backported in CentOS 7.6 mirrors beyond
> openssl-1.0.2k.
>
> Can we upgrade OpenSSL to 1.0.2r (for CVE fixes)? Is it right way to get it
> upgraded ourself though there are no updates from CentOS.

the version of the package represents only the oldest code that's equal with
the upstream releases; see RPM changelog for the CVE fixes

also: https://access.redhat.com/security/updates/backporting

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
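
The changelog check suggested in the reply, as an added example that is not part of the original message or of any Red Hat tooling: a shell function that reads `rpm -q --changelog` output on stdin and reports which CVE ids it mentions. The function name, the sample changelog and the CVE ids in it are constructed for illustration.

```shell
#!/bin/sh
# Real use on the host:
#   rpm -q --changelog openssl | cve_status CVE-YYYY-NNNN CVE-YYYY-NNNN

# cve_status ID... : reads changelog text on stdin and prints
# "<id> listed", "<id> not-listed" or "<id> invalid" for each id.
# Returns 0 only when every id is well formed and listed.
cve_status() {
    changelog=$(cat)
    missing=0
    for id in "$@"; do
        # Reject malformed ids so a typo is never reported as "not-listed".
        if ! printf '%s\n' "$id" | grep -qE '^CVE-[0-9]{4}-[0-9]{4,}$'; then
            echo "$id invalid"
            missing=1
            continue
        fi
        # -F: literal match; -w: whole word, so CVE-0000-0001 does not
        # match inside CVE-0000-00012.
        if printf '%s\n' "$changelog" | grep -qwF -- "$id"; then
            echo "$id listed"
        else
            echo "$id not-listed"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample in the layout of an RPM changelog; the packager,
# release numbers and CVE ids are placeholders, not real entries.
SAMPLE_CHANGELOG='* Mon Jan 01 2001 Packager Name <packager@example.invalid> 1.0.2k-99
- fix CVE-0000-0001 - constructed entry
- fix CVE-0000-00012 - constructed entry

* Sun Dec 31 2000 Packager Name <packager@example.invalid> 1.0.2k-98
- fix CVE-0000-0002 - constructed entry'

# Demo run against the constructed sample (the second id is absent).
printf '%s\n' "$SAMPLE_CHANGELOG" | cve_status CVE-0000-0001 CVE-0000-0003 || true
```

A "not-listed" result only means the changelog does not mention the id; the package may never have been affected by that issue.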