Message Image

Log in

Skip to main content (Press Enter).

Skip auxiliary navigation (Press Enter).

IBM Power

Connect, learn, share, and engage with IBM Power.

Save the Date! watsonx Hackathon - Pre-TechXchange Conference Event

Skip main navigation (Press Enter).

AIX Open Source

View Only

Expand all | Collapse all

Need information abpout OpenSSL for CVE-2024-2511

Vincencio MichaelisThu April 11, 2024 02:42 AM

Hi there is a new CVE for OpenSSL which is corrected but not avail on IBM site to download. When will ...

Sandeep UmeshMon April 15, 2024 10:57 AM

Hello Since this is a LOW severity vulnerability, community has only given a git fix (source code ...

1. Need information abpout OpenSSL for CVE-2024-2511

1 Like
IBM Champion

Vincencio Michaelis
Posted Thu April 11, 2024 02:42 AM

Reply
Hi

there is a new CVE for OpenSSL which is corrected but not avail on IBM site to download. When will you correct this pls ?

CVE‑2024‑2511

We have the latest version installed as per IBM on our AIX LPARs. To fix the vulnerability we need to go 3.0.14* which is not available as of now.

------------------------------
Vincencio Michaelis
------------------------------
2. RE: Need information abpout OpenSSL for CVE-2024-2511

0 Like
Sandeep Umesh
Posted Mon April 15, 2024 10:57 AM

Reply
Hello

Since this is a LOW severity vulnerability, community has only given a git fix (source code patch) for this CVE and have not officially published openssl 3.0.14 version yet.

While we are waiting for the community to release 3.0.14, we are updating our openssl to 3.0.13 version and then take this git fix.

So, we will deliver a fileset which will address this CVE. The VRMF of this fileset will be 3.0.13.1000, it will be delivered through web download pack in early June 2024.

Thanks

------------------------------
Sandeep Umesh
------------------------------

Original Message

Powered by Higher Logic