
[SOLVED] Should I update OpenSSL from 1.0.2k-fips to 1.0.2x because of CVE-2020-1971 ?

Posted: 2020/12/09 07:14:04
by samsara1209
The High severity CVE-2020-1971: https://www.openssl.org/news/vulnerabil ... -2020-1971 says that OpenSSL versions 1.0.2 to 1.0.2w are all affected, and that it is fixed in 1.0.2x.

Should I update OpenSSL to 1.0.2x?

Re: Should I update OpenSSL from 1.0.2k-fips to 1.0.2x because of CVE-2020-1971 ?

Posted: 2020/12/09 08:00:20
by TrevorH
No. You should wait for the equivalent fix to be published, first for RHEL and then for CentOS once it's rebuilt. But first it has to come out for RHEL.
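
Added example, not part of the thread or of TrevorH's post: once the distribution's package update is out, the upstream version string (1.0.2k-fips) does not change, so one way to confirm the fix is to look for the CVE id in the package changelog. `rpm -q --changelog` is the real command; the function names and the sample changelog are constructed for illustration, and the check assumes the packager names the CVE in the changelog entry.

```shell
#!/usr/bin/env bash
# Added example. On a real host:
#   rpm -q --changelog openssl | cve_in_changelog CVE-2020-1971

# Reads RPM changelog text on stdin and prints the header line of every
# entry whose body names the given CVE. Exit status 0 if found, 1 if not.
cve_in_changelog() {
    awk -v cve="$1" '
        # True only for an exact id: CVE-2020-1971 must not match CVE-2020-19710.
        function mentions(line, id,    p) {
            while ((p = index(line, id)) > 0) {
                line = substr(line, p + length(id))
                if (line !~ /^[0-9]/) return 1
            }
            return 0
        }
        /^\* / { header = $0; next }            # "* date packager - version"
        header != "" && mentions($0, cve) {
            if (!(header in seen)) { print header; seen[header] = 1 }
            found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample changelog (placeholder packager and versions).
sample_changelog() {
    cat <<'EOF'
* Tue Jan 02 2024 Example Packager <pkg@example.com> - 0.0.0-2.example
- fix CVE-2020-1971 (constructed entry)
* Mon Jan 01 2024 Example Packager <pkg@example.com> - 0.0.0-1.example
- unrelated constructed entry that names CVE-2020-19710
EOF
}

# Demo on the constructed sample; prints the header of the matching entry.
sample_changelog | cve_in_changelog CVE-2020-1971
```

A non-zero exit status means the installed package's changelog does not name the CVE, which is the expected result until the distribution publishes its fix.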

Re: Should I update OpenSSL from 1.0.2k-fips to 1.0.2x because of CVE-2020-1971 ?

Posted: 2020/12/09 08:32:42
by samsara1209
TrevorH wrote:
2020/12/09 08:00:20
No. You should wait for the equivalent fix to be published, first for RHEL and then for CentOS once it's rebuilt. But first it has to come out for RHEL.
Thank you very much. :D