Problem:
There is a new CVE for CentOS 7 and openssl and there are no patches available. Need to know if there is a recommendation for a version of openssl on CentOS 7. CentOS-7 only has 1.0.2 available from the standard repos and we are not sure if there are any conflicts with 1.1.1 or 3.0.2.
Expected outcome:
Remediate the vulnerabilities with openssl CVE-2022-0778
Foreman and Proxy versions:
Foreman: 2.4.1
foreman-tasks: 4.0.1
foreman_remote_execution: 4.3.0
katello: 4.0.3
Foreman and Proxy plugin versions:
2.4.1
Distribution and version:
CentOS Linux release 7.9.2009
3.10.0-1160.59.1.el7
Other relevant data:
Installed and latest available version from CentOS
openssl.x86_64 1:1.0.2k-24.el7_9
openssl-libs.x86_64 1:1.0.2k-24.el7_9
Minimum required version to remediate:
https://www.openssl.org/news/secadv/20220315.txt
OpenSSL 1.0.2 users should upgrade to 1.0.2zd (premium support customers only)
OpenSSL 1.1.1 users should upgrade to 1.1.1n
OpenSSL 3.0 users should upgrade to 3.0.2
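
As an added example (not part of the original post), the sketch below compares a version string against the per-branch minimums quoted above, including the pre-3.0 letter suffixes where `zd` sorts after `z`. The names `FIXED`, `parse` and `is_fixed` are hypothetical, and the check looks only at the upstream base version: distribution packages can carry backported fixes without changing it, so a `False` for an RPM version still has to be confirmed against the vendor's advisory or the package changelog.

```python
import re

# Minimum fixed upstream release per branch, copied from the advisory lines in the post.
FIXED = {"1.0.2": "1.0.2zd", "1.1.1": "1.1.1n", "3.0": "3.0.2"}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")


def parse(version):
    """Return (branch, sort_key) for an OpenSSL version or RPM version string."""
    # Drop an RPM epoch ("1:") and release ("-24.el7_9") if present.
    base = version.split(":", 1)[-1].split("-", 1)[0]
    match = _VERSION.match(base)
    if not match:
        raise ValueError("unrecognised OpenSSL version: %r" % version)
    major, minor, patch = (int(g) for g in match.groups()[:3])
    letters = match.group(4)
    if major >= 3:
        # 3.x uses plain numeric patch levels; the branch is major.minor.
        if letters:
            raise ValueError("letter suffix not valid for 3.x: %r" % version)
        return "%d.%d" % (major, minor), (patch, "")
    # Before 3.0 the branch is major.minor.patch and releases are lettered:
    # a..z, then za, zb, ... so order by suffix length first, then alphabetically.
    return "%d.%d.%d" % (major, minor, patch), (len(letters), letters)


def is_fixed(version):
    """True/False against the advisory minimum; None if the branch is not listed."""
    branch, key = parse(version)
    if branch not in FIXED:
        return None
    return key >= parse(FIXED[branch])[1]


if __name__ == "__main__":
    # Sample inputs: the installed RPM version from the post plus constructed values.
    for sample in ("1:1.0.2k-24.el7_9", "1.0.2zd", "1.1.1m", "1.1.1n", "3.0.1", "3.0.2"):
        print(sample, "->", is_fixed(sample))
```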