Openssl vulnerabilities

Latest response

Hi all,

just received this bulletin about recent vulnerabilities found and corrected on openssl. (CVE-2021-3450 (OpenSSL advisory) and CVE-2021-3449)
As I administer some RHEL6 (I know EOL status),7 and 8, I would like to know if I have to worry or is addressed on the repo distributed version?

Thank you very much

Responses

Hi Miguel,

Check this website cve-2021-3449 and you may see that you do not have to worry about RHEL 6 and 7.

Regards,

Jan Gerrit

Thank you very much Jan, is the patch expected for RHEL8, or should we install it manually from openssl source?

Thanks

If you follow the link provided, you'll see that RHEL8 was patched with Errata RHSA-2021:1024 which provided package openssl-1.1.1g-15.el8_3.

Thank you Jamie, por pointing me the right direction...very kind. Perhaps Jan provided link should be updated with the fix for RH8 field?

Nvm, just saw it was updated :)

All good mate :)