kbannister Absent Member.
Absent Member.
319 views

SLES 11 sp4 OPENSSL - Vulnerability

Our Security Patch Administrator told me to remediate vulnerabilities on several SLES 11 sp4 OES 2015.1 servers. In regard to CVE-2015-0204 which is from 2015.

I know these servers, which I inherited, have been patched many times since 2015.

Current openssl version>0.9.8j-fips 07 Jan 2009.

The CVE says to update from OpenSSL 0.9.8 to 0.9.8zd. However this update is not in the Online Update channel.

The Change Log for Openssl Security Updates has CVE-2015-0204 as an entry. Does this mean the vulnerability was fixed back in 2015. Thank you!
Labels (2)
0 Likes
2 Replies
kbannister Absent Member.
Absent Member.

Re: SLES 11 sp4 OPENSSL - Vulnerability

Disregard - they were confused. Sheesh ....
0 Likes
Knowledge Partner
Knowledge Partner

Re: SLES 11 sp4 OPENSSL - Vulnerability

On 03/25/2019 08:04 AM, kbannister wrote:
>
> Our Security Patch Administrator told me to remediate vulnerabilities on
> several SLES 11 sp4 OES 2015.1 servers. In regard to CVE-2015-0204
> which is from 2015.
>
> I know these servers, which I inherited, have been patched many times
> since 2015.
>
> Current openssl version>0.9.8j-fips 07 Jan 2009.
>
> The CVE says to update from OpenSSL 0.9.8 to 0.9.8zd. However this
> update is not in the Online Update channel.
>
> The Change Log for Openssl Security Updates has CVE-2015-0204 as an
> entry. Does this mean the vulnerability was fixed back in 2015. Thank
> you!


Yes, that's exactly what it means. Versions do not matter as much as
actual code, so if you run enterprise software (e.g. SLES) you may often
find things like versions indicating there is an issue when in fat the
issue was fixed. This is an old issue, circa Shakespearean times: "A rose
by any other name...".

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.