This package contains a policy, a profile and a report that help identify affected OpenSSL package versions and validate the security of the servers visible in Red Hat CloudForms and ManageIQ.
See this blog post for additional details: Managing Patching Compliance Using DROWN OpenSSL Vulnerability as an Example.
Download the following policy, profile and report YAML definitions and import them into your appliance:
- DROWN OpenSSL Vulnerability Policy
- Compliance: OpenSSL Security Profile
- DROWN OpenSSL Vulnerability Report
Once the policy and profile are imported, the profile can be assigned to VM instances and Compliance can be checked.