openssl vulnerabilities fix issue

Latest response

could you please provide the a patch list and where to download them for the following openssl vulnerabilites fix. thanks
CVE-2015-0292
CVE-2014-8176
CVE-2014-3567
CVE-2014-3513
CVE-2014-3512
CVE-2015-1792
CVE-2015-1791
CVE-2015-1790
CVE-2015-1789
CVE-2015-1788
CVE-2015-0293
CVE-2015-0289
CVE-2015-0288
CVE-2015-0287
CVE-2015-0286
CVE-2015-0209
CVE-2015-0206
CVE-2015-0205
CVE-2015-0204
CVE-2014-8275
CVE-2014-5139
CVE-2014-3572
CVE-2014-3570
CVE-2014-3568
CVE-2014-3566
CVE-2014-3511
CVE-2014-3510
CVE-2014-3509
CVE-2014-3508
CVE-2014-3507
CVE-2014-3506
CVE-2014-3505
CVE-2014-3470
CVE-2014-0224
CVE-2014-0221
CVE-2014-0198
CVE-2014-0195
CVE-2014-0160
CVE-2014-0076
CVE-2013-6450
CVE-2013-6449
CVE-2013-4353
CVE-2010-5298

Responses

Hello

I think this is what you are looking for Security Updates Red Hat CVE Database.

Also note that on the Downloads page you will see Errata for Red Hat Products, go to that page and then select the product you have. On the following search page enter openssl in the search box to see all errata for that package.

I assume these OpenSSL questions are due to a security audit?

Which tool are you using to audit your systems?

What version of the RHEL OS are you running?

If you have the latest version of OpenSSL installed for el6/el7 the patches will be backported. Some auditing tools look at the version of the package only, which isn't correct (especially when patches are backported). The changelog for your RPM will detail which CVEs are addressed in the package.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.