Fellow CentOS SysOps,
I am having a hard time trying to fix CVEs related to openssl 1.0.2k-fips.
CVE-2018-0732 is one of them. Looks like Red Hat provides an errata for this problem, which bumps the RPM version from CentOS 12 to 16
(openssl-1.0.2k-16.el7.x86_64.rpm). Looks like it's a preview version that will be released with RHEL7.6, only available to older versions through the errata rpms.
Does Red Hat allow anyone to have access to these errata files, or are they only available to users with a subscription?
Is there a way to fix CVE-2018-0732 on CentOS 7.5.1804?
https://access.redhat.com/security/cve/cve-2018-0732
Best regards,
Rodrigo
CentOS7.5.1804 - PCI Compliance : CVE-2018-0732
Re: CentOS7.5.1804 - PCI Compliance : CVE-2018-0732
It'll be part of CentOS 7.6. That will first be made available using the CR repo in a day or 6 once QA is complete.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CentOS7.5.1804 - PCI Compliance : CVE-2018-0732
Since it's so close, I will look into the next release as mentioned by TrevorH, but I wonder...
Is that the only way? I was able to find new versions of OpenSSL on the web, from other distros. Is it even an option to go "independent" and try to install
an unofficial package?
I would really appreciate hearing what you guys do when it is time to do the vulnerability scan and there are no official solutions
for a CVE. Doing my research I found cases where a security level was high for the scanner company and low to RH, so they
would not provide a fix. Thankfully it did not happen to me and most of my problems could be fixed with updates or changes in the
server configuration.
Thank you guys, for all the help.
Re: CentOS7.5.1804 - PCI Compliance : CVE-2018-0732
The aforementioned CR repo is now available. Try yum update --enablerepo=cr