AIX

 View Only
Expand all | Collapse all

OpenSSL 1.1.1g level on AIX to cover CVE ?

  • 1.  OpenSSL 1.1.1g level on AIX to cover CVE ?

    Posted Fri April 02, 2021 12:05 PM
    Hi

    team this is the CVE 
    Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2020-1968, CVE-2020-1971)
    Ibm remove preview
    Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2020-1968, CVE-2020-1971)
    There are vulnerabilities in OpenSSL used by AIX.
    View this on Ibm >


    We wonder why the AIX did not deliver the openSSL 1.1.1g that will address all the security bulletin from openssl.

    Can the customer install the OpenSSL 1.1.1g its own or the package delivered in that link contains all the security fix from OpenSSL 1.1.1g backported on openssl 1.0.2?

    thanks


    ------------------------------
    Donatella Sabellico
    ------------------------------


  • 2.  RE: OpenSSL 1.1.1g level on AIX to cover CVE ?

    Posted Fri April 30, 2021 03:27 AM
    I think there are ifixes provided as mentioned in the security bulletin for 1.0.2 version of openssl.

    ------------------------------
    SANKET RATHI
    ------------------------------