OpenSSL version and manual upgrade

Each year we have security vulnerability testing performed within our company, and during the most recent testing a vulnerability was identified in the Stor2RRD virtual machine with regard to an old version of OpenSSL installed.
The details of the finding are shown below:
'Vulnerable versions of OpenSSL installed
The version of OpenSSL installed on the affected system is out-of-date. The version is vulnerable to various security flaws that may compromise the security of the transmitted information. The use of outdated libraries impacts all software that depends on the vulnerable libraries. The currently installed version is: 1.0.1e. Upgrade to version 1.1.0f, which is the latest version at the time of this writing. If the library is supplied by a vendor's product, contact the vendor for the latest version of OpenSSL that is supplied as a part of the software'
We deployed Stor2RRD as a virtual machine utilising the OVA file and have subsequently updated the application to version 2.1. Is there a way to manually upgrade the OpenSSL version, or do you have a copy of the later OpenSSL software that we can install on this appliance?
Thanks

Comments

  • Hi,

    openssl-1.0.2k is the version installed on the latest version of our Virtual Appliance.
    You can upgrade it manually to whatever version you wish.
    # yum upgrade openssl
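
Added example, not part of the original thread or the vendor's tooling: a shell check that compares the version reported by `openssl version` against a required minimum, handling OpenSSL's letter suffixes (1.0.1e < 1.0.2k < 1.1.0f). The function names and the sample output lines are constructed for illustration.

```shell
#!/bin/sh
# Compare OpenSSL version strings of the form MAJOR.MINOR.FIX[letters].

# "OpenSSL 1.0.1e-fips 11 Feb 2013" -> "1.0.1e" (empty if unparseable)
parse_openssl_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSL \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*[a-z]*\).*/\1/p'
}

# "1.0.2k" -> "00001.00000.00002.k", a key that sorts correctly as plain text.
version_key() {
    nums=$(printf '%s' "$1" | sed 's/[a-z]*$//')
    letters=$(printf '%s' "$1" | sed 's/^[0-9.]*//')
    old_ifs=$IFS; IFS=.
    set -- $nums            # split the numeric part on dots
    IFS=$old_ifs
    printf '%05d.%05d.%05d.%s\n' "$1" "$2" "$3" "$letters"
}

# Succeeds when version $1 is greater than or equal to version $2.
version_ge() {
    a=$(version_key "$1"); b=$(version_key "$2")
    lowest=$(printf '%s\n%s\n' "$a" "$b" | LC_ALL=C sort | head -n 1)
    [ "$lowest" = "$b" ]
}

# $1 = output of `openssl version`, $2 = minimum acceptable version
report() {
    v=$(parse_openssl_version "$1")
    if version_ge "$v" "$2"; then
        echo "$v: meets $2"
    else
        echo "$v: below $2"
    fi
}

# Constructed sample outputs, checked against the 1.1.0f named in the finding.
for line in 'OpenSSL 1.0.1e-fips 11 Feb 2013' \
            'OpenSSL 1.0.2k-fips 26 Jan 2017' \
            'OpenSSL 1.1.0f 25 May 2017'; do
    report "$line" 1.1.0f
done
```

On the appliance, `report "$(openssl version)" 1.1.0f` runs the same check against the installed binary before and after the upgrade. On yum-based systems the distribution package can carry backported fixes without changing the upstream version string, so this comparison mirrors what a scanner sees, while `rpm -q --changelog openssl` lists the fixes actually applied.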

