[El-errata] New openssl does not require Ksplice updates (ELSA-2022-5818)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Aug 10 18:56:41 UTC 2022
Synopsis: ELSA-2022-5818 does not address vulnerabilities that can be live-patched
CVEs: CVE-2022-1292 CVE-2022-2068 CVE-2022-2097
The recently released openssl, 1.1.1k-7.el8_6, does not make changes
that necessitate zero downtime updates.
* Note: Oracle will not provide a zero-downtime update for CVE-2022-1292 or CVE-2022-2068.
The c_rehash script affected by this CVE is not a utility that requires
live patching. It should be straightforward to replace vulnerable
scripts with patched versions without any downtime. However, use of the
c_rehash script is considered obsolete, and should be replaced by the
OpenSSL rehash command line tool, which is not affected by this
* Note: Oracle has determined that CVE-2022-2097 is not applicable.
OpenSSL is not affected by CVE-2022-2097 since the code under
consideration is not compiled.
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata