AIX Open Source


Need information about OpenSSL for CVE-2024-2511

  • 1.  Need information about OpenSSL for CVE-2024-2511

    IBM Champion
    Posted Thu April 11, 2024 02:42 AM

    Hi

    There is a new CVE for OpenSSL which is corrected but not available on the IBM site to download. When will you correct this, please?

    CVE-2024-2511

    We have the latest version installed as per IBM on our AIX LPARs. To fix the vulnerability we need to go to 3.0.14*, which is not available as of now.



    ------------------------------
    Vincencio Michaelis
    ------------------------------


  • 2.  RE: Need information about OpenSSL for CVE-2024-2511

    Posted Mon April 15, 2024 10:57 AM

    Hello

    Since this is a LOW severity vulnerability, the community has only given a git fix (source code patch) for this CVE and has not officially published the openssl 3.0.14 version yet.

    While we are waiting for the community to release 3.0.14, we are updating our openssl to version 3.0.13 and will then take this git fix.

    So, we will deliver a fileset which will address this CVE. The VRMF of this fileset will be 3.0.13.1000; it will be delivered through the web download pack in early June 2024.

    Thanks



    ------------------------------
    Sandeep Umesh
    ------------------------------
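
One way to check an LPAR against the fileset level named in the reply above, as an added example that is not part of the thread or of IBM's tooling. It assumes the fileset is named `openssl.base` and that the input is colon-separated `lslpp -Lc` output; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: classify an installed OpenSSL fileset level against the
# VRMF quoted in the thread for the CVE-2024-2511 fix.
FIXED_VRMF="3.0.13.1000"

# Constructed, trimmed sample of `lslpp -Lc openssl.base` output (not real data).
SAMPLE_LSLPP='#Package Name:Fileset:Level:State:PTF Id:Fix State:Type:Description
openssl.base:openssl.base:3.0.10.1001: : :C:F:Open Secure Socket Layer'

# vrmf_ge A B: exit 0 if A >= B, 1 if A < B, 2 if either is not V.R.M.F.
# Fields are compared numerically, so 3.0.9.x sorts below 3.0.13.x.
vrmf_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        if (na != 4 || nb != 4) exit 2
        for (i = 1; i <= 4; i++) {
            if (x[i] !~ /^[0-9]+$/ || y[i] !~ /^[0-9]+$/) exit 2
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# check_openssl_level [fileset]: read lslpp -Lc output on stdin and print
# FIXED, NEEDS_UPDATE, UNPARSEABLE or NOT_INSTALLED for the given fileset.
# The default fileset name openssl.base is an assumption, not from the thread.
check_openssl_level() {
    want="${1:-openssl.base}"
    # Field 2 is the fileset name, field 3 its level; skip the '#' header line.
    level=$(awk -F: -v want="$want" '$0 !~ /^#/ && $2 == want { print $3; exit }')
    if [ -z "$level" ]; then
        echo "NOT_INSTALLED"
        return 3
    fi
    rc=0
    vrmf_ge "$level" "$FIXED_VRMF" || rc=$?
    case $rc in
        0) echo "FIXED $level" ;;
        1) echo "NEEDS_UPDATE $level"; return 1 ;;
        *) echo "UNPARSEABLE $level"; return 2 ;;
    esac
}

# Demo on the constructed sample; on AIX, pipe `lslpp -Lc openssl.base` instead.
printf '%s\n' "$SAMPLE_LSLPP" | check_openssl_level || true
```

The non-zero return codes let the function be used directly in a fleet loop or a compliance job that flags hosts still below the fixed level.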