Openssl vulnerabilities

hiero_nymus · August 4, 2015, 4:18am

Hi there,

The following openssl package are installed on the machine (openssl-1.0.0-27.el6_4.2.x86_64). It isn't the last version but I need to known if this content Vulnerabilities...
How to check that on RedHat?
Could you please tell me how to find this information??
Thankx

Peasant · August 4, 2015, 5:56am

On your box run :

openssl version

Check this link then :
https://www.openssl.org/news/vulnerabilities.html

This is distribution independent, after you get the version you need, download newer package for your distribution or operating system.

In most cases this will be applied automatically when you do a distribution upgrade.

Hope that helps
Regards
Peasant.

hiero_nymus · August 4, 2015, 7:02am

Do you means that the operating system distributor aligns with the openssl package?

Thank you and best regards,
hiero_nymus

Peasant · August 4, 2015, 8:07am

This is done by distribution vendor.

When they decide to package new version of openssl, it will come to your distribution and be avalible on, for instance, RHEL site if you have subscription. They do this fairly often, especially for big bugs (like we have seen recently).

So patch often and you should be ok.