CVE-2022-0778 and CentOS-7

There is a new CVE for CentOS 7 and openssl and there are no patches are available.Need to know if there is a recommendations for a version of openssl on CentOS 7? CentOS-7 only has 1.0.2 available from the standard repos and we are not sure if there are any conflicts with 1.1.1 or 3.0.2

Expected outcome:
Remediate the vulnerabilities with openssl CVE-2022-0778

Foreman and Proxy versions:
Foreman: 2.4.1
foreman-tasks: 4.0.1
foreman_remote_execution: 4.3.0
katello: 4.0.3

Foreman and Proxy plugin versions:
Distribution and version:
CentOS Linux release 7.9.2009

Other relevant data:
Installed and latest available version from CentOS
openssl.x86_64 1:1.0.2k-24.el7_9
openssl-libs.x86_64 1:1.0.2k-24.el7_9

Minimum required version to remediate:
OpenSSL 1.0.2 users should upgrade to 1.0.2zd (premium support customers only)
OpenSSL 1.1.1 users should upgrade to 1.1.1n
OpenSSL 3.0 users should upgrade to 3.0.2


you better ask at CentOS, but let me give you the answer.

RHEL 6 and 7 is NOT affected by this bug, the way Red Hat compiles/configures OpenSSL mitigates this vulnerability. See:

Further discussion:

Thank you for your reply. We will assume this will not affect us.

Thanks again.

1 Like