Skip to Main Content

Infrastructure Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

OpenSSL 3.0.0 Vulnerabilities in Oracle Linux 9

user8059600May 2 2023

Hello,

I've been aware of the critical vulnerabilities of OpenSSL 3.0 since late last year, but, have not seen any updates made available for Oracle Linux to address it. The recommendation at the time was to upgrade to OpenSSL 3.0.5 (and, now, to 3.0.9). But even after installing all available updates to one of our OL 9 systems recently, the system still has OpenSSL 3.0.1. And our vulnerability scanner is still flagging the system has having critical OpenSSL vulnerabilities.

Is an update package available from Oracle, or, do we need to go outside of the distribution (which I'm wary to do for such a critical component) to update it?

Thanks for any advice

Comments
Post Details
Added on May 2 2023
1 comment
1,602 views