The High severity CVE-2020-1971: https://www.openssl.org/news/vulnerabil ... -2020-1971 says that OpenSSL from version 1.0.2 to 1.0.2w are all affected, and is fixed in 1.0.2x.
Should I update OpenSSL to 1.0.2x ?
[SOLVED] Should I update OpenSSL from 1.0.2k-fips to 1.0.2x because of CVE-2020-1971 ?
- samsara1209
- Posts: 2
- Joined: 2020/12/09 06:36:43
[SOLVED] Should I update OpenSSL from 1.0.2k-fips to 1.0.2x because of CVE-2020-1971 ?
Last edited by samsara1209 on 2020/12/09 08:36:59, edited 1 time in total.
Re: Should I update OpenSSL from 1.0.2k-fips to 1.0.2x because of CVE-2020-1971 ?
No. You should wait for the equivalent fix to be published, first for RHEL and then for CentOS once it's rebuilt. But first it has to come out for RHEL.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
- samsara1209
- Posts: 2
- Joined: 2020/12/09 06:36:43