This is also how Linux distro wide CVE fixes in crypto libs are done - done tmit once in the shared lib and reboot, done.

Otherwise you would have to find all the bundled copies and fix them separately & hope you didn't miss any.