OpenSSL Vulnerability found

Hi All,

Good day, and I may need some help from you all.
I have two RHEL servers running in a cluster.
My side found some vulnerabilities for OpenSSL, as below:
1. CVE-2018-0732
2. CVE-2018-0737
3. CVE-2018-0739

And my team would like to upgrade the OpenSSL package.
Current package for OpenSSL: 1.0.2K

Which packages can we upgrade to, since I noticed that the latest version of OpenSSL is also 1.0.2K?

Can we upgrade it with a custom package which is not from Red Hat itself?

Responses

You can look these up in our CVE database:

These are all Low/Moderate. Some products have an errata already, and some are "Affected" so will likely have an errata released in time.

Hi Jammie,

If I upgrade it to a custom OpenSSL package, what will be the impact?

Such third-party software is not supplied, or supported, or tested by Red Hat so we cannot say what the impact will be. It might work, it might not.

Hi Jamie,

May I know when Red Hat will fix this in the next release? When will the next release be?

Given that none of these are high severity, they will likely be targeted for the next release of their applicable products.

The next RHEL minor release (RHEL 7.6) is targeted for Q4 2018.

I am not certain on other products, but can look into those if needed.
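A check that fits this thread, added here as an example and not posted by anyone in the discussion: instead of comparing upstream version strings, search the changelog of the installed Red Hat package for the three CVE ids from the question. It assumes changelog entries name the CVEs they fix; `cve_fix_status` and the sample changelog are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original thread.
# Reads RPM changelog text on stdin and reports, for each CVE id given as an
# argument, whether the changelog names it. Returns 1 if any id is absent.
# Real use on the server:
#   rpm -q --changelog openssl | cve_fix_status CVE-2018-0732 CVE-2018-0737 CVE-2018-0739
cve_fix_status() {
    changelog=$(cat)
    status=0
    for cve in "$@"; do
        # -F: match the id literally; -w: whole word, so a shorter id
        # cannot match as a prefix of a longer one.
        if printf '%s\n' "$changelog" | grep -qwF -- "$cve"; then
            echo "$cve listed"
        else
            # Absent from the changelog: no errata installed yet, or the
            # product is not affected. Confirm on the vendor CVE page.
            echo "$cve not-listed"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample changelog (not real package data), used so the
# example runs offline.
SAMPLE_CHANGELOG='* Mon Jan 01 2018 Constructed Packager <packager@example.com> 1.0.2k-0.example
- fix CVE-2018-0732 - constructed entry
- fix CVE-2018-0739 - constructed entry'

# Demo run against the constructed sample; "|| true" keeps the script's
# exit status clean when an id is not listed.
printf '%s\n' "$SAMPLE_CHANGELOG" |
    cve_fix_status CVE-2018-0732 CVE-2018-0737 CVE-2018-0739 || true
```

A "not-listed" result is a prompt to check the errata status for that CVE and product, not proof that the system is exploitable.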
