CentOS7.5.1804 - PCI Compliance : CVE-2018-0732

General support questions
Post Reply
rodrigobrz
Posts: 3
Joined: 2018/11/13 00:08:19

CentOS7.5.1804 - PCI Compliance : CVE-2018-0732

Post by rodrigobrz » 2018/11/13 00:21:23

Fellow CentOS SysOps,
I am having a hard time trying to fix CVEs related to openssl 1.0.2k-fips.

CVE-2018-0732 is one of them. Looks like RedHat provides an errata for this problem, which bumps the RPM version from CentOS 12 to 16
(openssl-1.0.2k-16.el7.x86_64.rpm). Looks like its a preview version that will be released with RHEL7.6, only available to older versions through the errata rpms.

Does Red Hat allows anyone to have access to these errata files or they are only available to users with subscription?
Is there a way to fix CVE-2018-0732 on CentOS 7.5.1804?
https://access.redhat.com/security/cve/cve-2018-0732

Best regards,
Rodrigo

User avatar
TrevorH
Forum Moderator
Posts: 24098
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CentOS7.5.1804 - PCI Compliance : CVE-2018-0732

Post by TrevorH » 2018/11/13 00:48:43

It'll be part of CentOS 7.6. That will first be made available using the CR repo in a day or 6 once QA is complete.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

rodrigobrz
Posts: 3
Joined: 2018/11/13 00:08:19

Re: CentOS7.5.1804 - PCI Compliance : CVE-2018-0732

Post by rodrigobrz » 2018/11/13 19:47:33

TrevorH wrote:
2018/11/13 00:48:43
It'll be part of CentOS 7.6. That will first be made available using the CR repo in a day or 6 once QA is complete.
Hello Trevor, I much appreciate your response.
Thank you very much.

rodrigobrz
Posts: 3
Joined: 2018/11/13 00:08:19

Re: CentOS7.5.1804 - PCI Compliance : CVE-2018-0732

Post by rodrigobrz » 2018/11/13 19:54:35

Since its so close, I will look into the next release as mentioned by TrevorH, but I wonder...
Is that the only way? I was able to find new versions of OpenSSL on the web, from other distros. Is it even an option to go "independet" and try to install
an unofficial package?

I would really appreciate to hear what you guys do when is time to do the vulnerability scan and there are no official solutions
for a CVE. Doing my research I found cases where a security level were high for the scanner company and low to RH, so they
would not provide a fix. Thankfully it did not happen to me and most of my problems could be fixed with updates or changes in the
server configuration.

Thank you guys, for all the help.

User avatar
avij
Forum Moderator
Posts: 2791
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: CentOS7.5.1804 - PCI Compliance : CVE-2018-0732

Post by avij » 2018/11/16 10:37:13

The aforementioned CR repo is now available. Try yum update --enablerepo=cr

Post Reply