openssl 1.0.2o update

[Park]

I'm using centos 7.4.1708
The current openssl version is 1.0.2k
I want to upgrade the openssl version(1.0.2o) through yum.
When I execute the yum update openssl command, the openssl version is displayed as the latest.
How can I update the openssl version with yum?
If we can't do it now, when can we make it?

[TrevorH]

You a) cannot b) should not and c) probably don't need to do this.

Why do you think you need to do so?

Please read https://access.redhat.com/security/updates/backporting to discover how security fixes are backported from newer versions to the versions that come as part of RHEL (and thus CentOS).

[Park]

The openssl 1.0.2k version has a vulnerability. , I want to upgrade the version.
If the source is installed without yum, there is a lot of work due to dependence on other packages
So I want to upgrade the openssl version through yum

When will openssl 1.0.1o be distributed through yum?
Can't you tell me the distribution plan?

[TrevorH]

The openssl 1.0.2k version has a vulnerability. , I want to upgrade the version.

What vulnerability? Got a CVE number? Did you read the RH link about how they handle this? Did you see there that it has doc on how to query the system to find out if that CVE has already been fixed?

1.0.1o will probably not come to CentOS 7. Openssl rebases are few and very far between and there has already been one for CentOS 7.4 which updated it from 1.0.1e to 1.02k. It is very unlikely that there will be another rebase but if there are CVEs then the fixes for those will get backported by RH to the RHEL 1.0.2k copy.

[Park]

CVE code is CVE-2018-0739

[TrevorH]

Current status can be seen on https://access.redhat.com/security/cve/cve-2018-0739 and the linked bugzilla entry.

[Park]

Where can I confirm the distribution date?

[tunk]

Code: Select all

rpm -qi openssl
rpm -qa --last|more