Will Red Hat backport fixes for the June 2015 OpenSSL vulnerabilities to RHEL 5?
Issue
Please advise whether there are any updates to the OpenSSL package that will address the CVEs below for RHEL 5. If none, what are the mitigation steps?
- CVE-2014-8176 - Invalid free in DTLS
- CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
- CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent
- CVE-2015-1791 - Race condition handling NewSessionTicket
- CVE-2015-1792 - CMS verify infinite loop with unknown hash function
Environment
- Red Hat Enterprise Linux (RHEL) 5.11
- OpenSSL