OpenSSL updates

[Hedloff]

Hello,

Why hasn't OpenSSL version been updated for years?
On EA3 server:
[email protected] [~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

[email protected] [~]# rpm -qa | grep openssl
alt-openssl-libs-1.0.2k-2.el6.cloudlinux.10.x86_64
openssl-1.0.1e-57.el6.x86_64
openssl-devel-1.0.1e-57.el6.x86_64

On EA4 server:

[email protected]:/# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

[email protected]:/# rpm -qa | grep openssl
ea-openssl-1.0.2k-5.el7.cloudlinux.1.x86_64
openssl-devel-1.0.1e-60.el7_3.1.x86_64
alt-openssl-libs-1.0.2k-2.el7.cloudlinux.10.x86_64
openssl-1.0.1e-60.el7_3.1.x86_64
openssl-libs-1.0.1e-60.el7_3.1.x86_64

How can customers use version 1.0.2k?

Changelog:
/news/changelog.html

 

[Infopro]

This thread should be of some use:
SOLVED - OpenSSL 1.01e

 

[Hedloff]

That thread did not solve anything.
1.0.1 is not supported anymore so I'm wondering why it is still used on all our cPanel servers?
OpenSSL - Wikipedia

 

[cPanelMichael]

Hello,

OpenSSL is provided by the operating system (e.g. CentOS, Red Hat) and is not a package that's developed or published by cPanel. You may find the following command helpful to see which patches have been backported to the version of openssl installed on your system:

rpm -q --changelog openssl | grep CVE

It lists the patches included with the RPM, as the version number will not always change after an update. Also, since you are using CloudLinux, they provide updates to the OpenSSL package. Here's their latest blog post regarding openssl:

OpenSSL updated for CloudLinux 6 and CloudLinux 7

Thank you.