openssl 1.0.1j to mitigate CVE vulnerabilities
Issue
- I've been asked to upgrade openssl to 1.0.1j version to mitigate the following CVEs:
SRTP Memory Leak (CVE-2014-3513)
Session Ticket Memory Leak (CVE-2014-3567)
Build option no-ssl3 is incomplete (CVE-2014-3568)
- I cannot find the latest version (1.0.1j) of the openssl package to upgrade
Environment
- Red Hat Enterprise Linux Server 6.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.