Upgrading OpenSSL in CentOS
Hubert Kario
hkario at redhat.com
Tue Apr 2 14:08:57 UTC 2019
On Tuesday, 2 April 2019 15:02:29 CEST Srinivasan T wrote:
> Hi Team,
>
> Recently we have upgraded to CentOS 7.6.1810 and the OpenSSL comes along
> with CentOS 7.6 is openssl-1.0.2k-16.el7_6.1.x86_64. We understand there
> are no updates available / backported in CentOS 7.6 mirrors beyond
> openssl-1.0.2k.
>
> Can we upgrade OpenSSL to 1.0.2r (for CVE fixes)? Is it right way to get it
> upgraded ourself though there are no updates from CentOS.
the version of the package represents only the oldest code that's equal with
the upstream releases; see RPM changelog for the CVE fixes
also:
https://access.redhat.com/security/updates/backporting
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190402/3e87dcd3/attachment.sig>
More information about the openssl-users
mailing list