Looking at Novell's web site, it says we have to be at openssl-0.9.8j-0.58.1 or greater to be in the clear for CVE-2014-0224 (openssl), even though it says in the description "OpenSSL before 0.9.8za" is vulnerable. openssl-0.9.8j-0.58.1 is listed in the fixed package versions, and that is the version we are at, but I wanted to verify. Doesn't 0.9.8j come before 0.9.8za?

The Novell advisory is at the following url: