We haven't addressed these vulnerabilities because there are no updates offered when checking, but it has come time for us to clear what we can. I can't seem to find much guidance on this, was hoping Nagios Support had some idea as there are so many of them:
OpenSSL 1.0.2 < 1.0.2k Multiple Vulnerabilities Medium
OpenSSL 1.0.2 < 1.0.2n Multiple Vulnerabilities Medium
OpenSSL 1.0.2 < 1.0.2t Multiple Vulnerabilities Medium
OpenSSL 1.0.2 < 1.0.2u Procedure Overflow Vulnerability Medium
OpenSSL 1.0.2 < 1.0.2w Information Disclosure Medium
OpenSSL 1.0.2 < 1.0.2x Null Pointer Dereference Vulnerability Medium
OpenSSL 1.0.2 < 1.0.2y Multiple Vulnerabilities Medium
OpenSSL 1.0.2 < 1.0.2za Vulnerability Medium
OpenSSL 1.0.2 < 1.0.2zd Vulnerability Medium
OpenSSL 1.0.2 < 1.0.2ze Vulnerability Critical
OpenSSL 1.0.2 < 1.0.2zf Vulnerability Critical
OpenSSL 1.0.2 < 1.0.2zg Multiple Vulnerabilities High
OpenSSL 1.0.2 < 1.0.2zh Multiple Vulnerabilities Medium
OpenSSL 1.0.2 < 1.0.2zi Vulnerability Medium
OpenSSL 1.0.2 < 1.0.2zj Vulnerability Medium
OpenSSL 1.0.x < 1.0.2m RSA/DSA Unspecified Carry Issue Medium
OpenSSL 1.0.x < 1.0.2o Multiple Vulnerabilities Medium
OpenSSL 1.0.x < 1.0.2p Multiple Vulnerabilities Medium
OpenSSL 1.0.x < 1.0.2q Multiple Vulnerabilities Medium
OpenSSL 1.0.x < 1.0.2r Information Disclosure Vulnerability Medium
Once again, just wondering if there was some recommended way of tackling these, as simply updating them through yum doesn't seem to be one of them!
Seeking Guidance on MANY OpenSSL vulnerabilities
Re: Seeking Guidance on MANY OpenSSL vulnerabilities
Thanks for reaching out @LAPFCU,
I'm taking some liberties and assuming you have an older version of CentOS or some other variant of RPM Linux. Take a look at this link here because I believe it applies here.
https://access.redhat.com/security/updates/backporting
Let me know if it doesn't.
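Added example, not part of the original thread: with backported fixes the upstream version string stays the same, so one way to check a finding is to look for its CVE id in the package changelog (`rpm -q --changelog openssl` on an RPM host). The changelog text and the CVE ids below are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Check a package changelog for backported CVE fixes.
# On a real RPM host the input would come from:  rpm -q --changelog openssl
# Everything in sample_changelog is CONSTRUCTED; the CVE ids are placeholders.

sample_changelog() {
cat <<'EOF'
* Mon Jan 01 2001 Example Packager <packager@example.invalid> 1.0.2k-99
- fix CVE-0000-00001 - placeholder entry for a backported fix
- fix CVE-0000-00002 - second placeholder entry

* Sun Dec 31 2000 Example Packager <packager@example.invalid> 1.0.2k-98
- rebase to upstream 1.0.2k
EOF
}

# backport_status CVE-ID...   (changelog text on stdin)
# Prints "<id> listed" or "<id> not-listed" for each id given.
backport_status() {
    changelog=$(cat)
    for cve in "$@"; do
        # -F: literal string; -w: whole word, so a shorter id does not
        # match as a prefix of a longer one.
        if printf '%s\n' "$changelog" | grep -qwF -- "$cve"; then
            echo "$cve listed"
        else
            echo "$cve not-listed"
        fi
    done
}

# Demo on the constructed changelog.
sample_changelog | backport_status CVE-0000-00001 CVE-0000-00003
```

An id reported as not-listed still needs to be checked against the vendor's advisory for that CVE before the finding is treated as open or closed.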
Re: Seeking Guidance on MANY OpenSSL vulnerabilities
Thanks for your response!
So, to be honest, the best move would be to use a newer compatible version of Linux, eh?
Also, feel free to close this issue out, thank you for your assistance!
Here's our release output:
CentOS Linux release 7.9.2009 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
CentOS Linux release 7.9.2009 (Core)
CentOS Linux release 7.9.2009 (Core)