Forum Stats

  • 3,728,470 Users
  • 2,245,631 Discussions
  • 7,853,548 Comments

Discussions

ELSA-2021-9151 - openssl security update

openterprise
openterprise Member Posts: 1 Green Ribbon
edited April 14 in Oracle Linux

Hello, I can see in document ELSA-2021-9151 ( https://linux.oracle.com/errata/ELSA-2021-9151.html ) that fix for vulnerabilities found in openssl package is present in openssl package version 1.1.1g-15.

Can you please confirm that this if fixed in both openssl-1.1.1g-15.el8_3 (standard repository) and openssl-1.1.1g-15.ksplice1.el8_3 (Ksplice repository) packages version?

From Errata document I understand that it is fixed in all 1.1.1g-15 packages, but our security scanner (Nessus) claims that it is only fixed in packages from Ksplice repository:

Remote package installed : openssl-1.1.1g-15.el8_3

Should be : openssl-1.1.1g-15.ksplice1.el8_3

Answers

  • Honglin Su-Oracle
    Honglin Su-Oracle Posts: 70 Employee

    Thanks for letting us know. I checked the changelog. The CVEs were fixed in both openssl-1.1.1g-15.el8_3 (standard repository) and openssl-1.1.1g-15.ksplice1.el8_3 (Ksplice repository).

    For the report discrepancy with Nessus, do you have their SR#? can you please send me an email at honglin.su and I'll connect you with our alliance team to follow up with Nessus.

Sign In or Register to comment.