is there any vulnerability related to openssl ?

Latest response

i updated openssl package in my server and the version of openssl is OpenSSL 1.0.1e-fips 11 Feb 2013

# rpm -q openssl
openssl-1.0.1e-30.el6_6.8.x86_64
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.2 (Santiago)

i want to make sure if my server is secure or there is any vulnerability related to openssl ?

TS
Log in to join the conversation

Responses

os-unix's picture Active Contributor 146 points
27 April 2015 11:51 AM

Yes
and too many bugs to mention
I suggest to go for an RHEL 6.6+ update

TS Community Member 54 points
27 April 2015 12:40 PM

so with this version we have any issues or not ? openssl-1.0.1e-30.el6_6.8.x86_64

PS Guru 6494 points
28 April 2015 3:17 AM

That is currently the latest version of OpenSSL available for RHEL 6.x, and one would assume that any outstanding/identified security issue fixes have been backported to it.

https://access.redhat.com/downloads/content/rhel---6/x86_64/168/openssl/1.0.1e-30.el6_6.8/x86_64/fd431d51/package

If you have a specific CVE you are concerned about, you can look in the changelog of the package to confirm if a fix is included.

This version is from 26th of March 2015.

TS Community Member 54 points
28 April 2015 6:27 AM

does it cover this issue
SSLv3 Vulnerability (POODLE)

SW Red Hat Guru 4022 points
28 April 2015 6:53 AM

This page is a good starting point POODLE: SSLv3 vulnerability (CVE-2014-3566)

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.