Our Security Patch Administrator told me to remediate vulnerabilities on several SLES 11 sp4 OES 2015.1 servers. In regard to CVE-2015-0204 which is from 2015.

I know these servers, which I inherited, have been patched many times since 2015.

Current openssl version>0.9.8j-fips 07 Jan 2009.

The CVE says to update from OpenSSL 0.9.8 to 0.9.8zd. However this update is not in the Online Update channel.

The Change Log for Openssl Security Updates has CVE-2015-0204 as an entry. Does this mean the vulnerability was fixed back in 2015. Thank you!