VOOZH about

URL: https://repost.aws/questions/QUaugGX-qTQAGlNnaQil5zig/is-openssl-1-0-2k-updated

⇱ Is OpenSSL 1.0.2k Updated? | AWS re:Post


Skip to content

Is OpenSSL 1.0.2k Updated?

0

Running yum update openssl as advised on the Linux 2 security advisories like this one: https://alas.aws.amazon.com/AL2/ALAS-2022-1766.html doesn't update OpenSSL past version 1.0.2k.

My PCI scan continues to fail based on version 1.0.2k of OpenSSL being vulnerable.

Is Amazon updating OpenSSL to fix the vulnerabilities but not changing the version letter?

Language
English

asked 4 years ago7.9K views

1 Answer
  • Newest
  • Most votes
  • Most comments
1
Accepted Answer

Hi

Yes, you are correct Amazon does backport security fixes for Amazon Linux 2, this means that Amazon takes fixes out of the most recent version of upstream software packages and applies it to the version of the package on Amazon Linux 2. The available version of openssl-1.0.2k is kept up to date with all security fixes for openssl.

Can review the Amazon Linux FAQs here: https://aws.amazon.com/amazon-linux-2/faqs/

SUPPORT ENGINEER

answered 4 years ago