Hello
Since this is a LOW severity vulnerability, community has only given a git fix (source code patch) for this CVE and have not officially published openssl 3.0.14 version yet.
While we are waiting for the community to release 3.0.14, we are updating our openssl to 3.0.13 version and then take this git fix.
So, we will deliver a fileset which will address this CVE. The VRMF of this fileset will be 3.0.13.1000, it will be delivered through web download pack in early June 2024.
Thanks
------------------------------
Sandeep Umesh
------------------------------
Original Message:
Sent: Thu April 11, 2024 02:42 AM
From: Vincencio Michaelis
Subject: Need information abpout OpenSSL for CVE-2024-2511
Hi
there is a new CVE for OpenSSL which is corrected but not avail on IBM site to download. When will you correct this pls ?
CVE‑2024‑2511
We have the latest version installed as per IBM on our AIX LPARs. To fix the vulnerability we need to go 3.0.14* which is not available as of now.
------------------------------
Vincencio Michaelis
------------------------------