By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Is OpenSSL 1.0.2k Updated?

0

Running yum update openssl as advised on the Linux 2 security advisories like this one: https://alas.aws.amazon.com/AL2/ALAS-2022-1766.html doesn't update OpenSSL past version 1.0.2k.

My PCI scan continues to fail based on version 1.0.2k of OpenSSL being vulnerable.

Is Amazon updating OpenSSL to fix the vulnerabilities but not changing the version letter?

Topics
AWS Well-Architected Framework
Tags
Security
Language
English
rePost-User-6223830
asked 2 years ago6358 views
1 Answer
1
Accepted Answer

Hi

Yes, you are correct Amazon does backport security fixes for Amazon Linux 2, this means that Amazon takes fixes out of the most recent version of upstream software packages and applies it to the version of the package on Amazon Linux 2. The available version of openssl-1.0.2k is kept up to date with all security fixes for openssl.

Can review the Amazon Linux FAQs here: https://aws.amazon.com/amazon-linux-2/faqs/

profile pictureAWS
SUPPORT ENGINEER
Lundi
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content