Hi All, I was looking for an errata for this, but I am not finding one. I amon Alma Linux 9. When I look at the Red Hat site, it looks like they state that this CVE does not affect release 9. Is this why I am not seeing an errata for it? I am new to all this?
“the vulnerability is in code for binary field elliptic curves, which RHEL has never enabled”
If the binary field elliptic curves are not enabled in RHEL, then they are not enabled in AlmaLinux. There is no point to touch something that is not used by anyone.
Would it be possible for a user to enable those curves in openssl?
I don’t know.
If you have done that, then you do know now that you have created a vulnerability.