Skip to main content

OpenSSL has been Updated (CVE-2015-1793)

The Alternative Chains Certificate Forgery vulnerability in OpenSSL, as reported in CVE-2015-1793, has been patched in CoreOS Linux (Alpha, Beta and Stable channels). If automatic updates are enabled (default configuration), your server should be patched within the next several hours (if it hasn’t already received the update).

If automatic updates are disabled, you can force an update by running update_engine_client -check_for_update.

If you have any questions or concerns, please join us in IRC freenode/#coreos.