OpenSSL in 11.2 + 11.1 build service - update?

English Open Build Service (OBS)
1

Unless I’m mistaken, OpenSSL in 11.1 on the SuseStudio service is still version h. Shouldn’t this be updated to correct the vulnerability in OpenSSL’s older versions? What of the version of OpenSSL (k, I believe?) in 11.2 in the SuseStudio service? That version dates to Nov, if I’m not mistaken and a vulnerability was mentioned on web news sites in Dec. Should this version be updated, too? I’m aware users may install their LiveCDs and update from there but not everyone who uses SuseStudio intends to install their customized LiveCD/DVD/usb, but only use it as a LiveCD/DVD/usb.

Thanks for the outstanding SuseStudio service! Happy Holidays to all Suse developers and users!

Edit -> I’m not sure I posted this message in the correct area on these forums. I haven’t tried the Suse build service, only SuseStudio.

2

Hi
You would need to check the ‘changelogs’ as some security fixes are
backported.

And Happy Holidays to you too :slight_smile:

You might also want to ask your question on the security mailing list;
http://en.opensuse.org/Communicate


Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.27.39-0.3-default
up 1 day 6:47, 3 users, load average: 0.14, 0.15, 0.16
GPU GeForce 8600 GTS Silent - CUDA Driver Version: 190.18