[El-errata] New openssl does not require Ksplice updates (ELSA-2022-5818)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Aug 10 18:56:41 UTC 2022

Synopsis: ELSA-2022-5818 does not address vulnerabilities that can be live-patched
CVEs: CVE-2022-1292 CVE-2022-2068 CVE-2022-2097

The recently released openssl, 1.1.1k-7.el8_6, does not make changes
that necessitate zero downtime updates.


* Note: Oracle will not provide a zero-downtime update for CVE-2022-1292 or CVE-2022-2068.

The c_rehash script affected by this CVE is not a utility that requires
live patching.  It should be straightforward to replace vulnerable
scripts with patched versions without any downtime.  However, use of the
c_rehash script is considered obsolete, and should be replaced by the
OpenSSL rehash command line tool, which is not affected by this

* Note: Oracle has determined that CVE-2022-2097 is not applicable.

OpenSSL is not affected by CVE-2022-2097 since the code under
consideration is not compiled.


Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list