Hello,
I've been aware of the critical vulnerabilities of OpenSSL 3.0 since late last year, but have not seen any updates made available for Oracle Linux to address it. The recommendation at the time was to upgrade to OpenSSL 3.0.5 (and, now, to 3.0.9). But even after installing all available updates to one of our OL 9 systems recently, the system still has OpenSSL 3.0.1. And our vulnerability scanner is still flagging the system as having critical OpenSSL vulnerabilities.
Is an update package available from Oracle, or do we need to go outside of the distribution (which I'm wary of doing for such a critical component) to update it?
Thanks for any advice