Thanks for getting back to me.
I can confirm that I've got the latest available version for the server installed from the Imunify repository which matches up to that on https://repo.imunify360.cloudlinux.c...6_64/Packages/.
As long as one is on the way that's great, thanks for letting me know that there will be one at some point.
OpenSSL Updates
Hi,
First of all, please check that you are using the latest packages; a regular 'yum update' should bring up a list, and the newest version of alt-openssl should certainly be available.
At the same time, I am requesting that our devs update it to 1.1.1v. Unfortunately, I have no ETA.
OpenSSL Updates
Hi Folks,
Apologies if this is not the correct forum location. I've checked and cannot see any recent posts in relation to this so hoping someone can help advise. I am currently looking after multiple cPanel-based servers running mainly CentOS 7.9 with cPanel installed. Our most recent iteration of a threat scan is reporting vulnerabilities with the installed version of OpenSSL provided by the alt-openssl package from the Imunify360 repository as below.
Solution
Upgrade to OpenSSL version 1.1.1v or later.
Plugin Output
Path : /opt/alt/openssl11/lib64/libssl.so.1.1
Reported version : 1.1.1p
Fixed version : 1.1.1v
Package : alt-openssl-1:1.0.2k-2.el7.cloudlinux.10.x86_64
State : Dep-Install
Size : 1,340,834
Build host : build.cloudlinux.com
Build time : Fri Jun 30 09:37:55 2017
Packager : CloudLinux Packaging Team <packager@cloudlinux.com>
Vendor : CloudLinux
License : OpenSSL
URL : http://www.openssl.org/
Source RPM : alt-openssl-1.0.2k-2.el7.cloudlinux.10.src.rpm
Commit Time : Thu Jun 29 13:00:00 2017
The scan in question does appear to be referring to CVE-2023-3446 mostly which I can see is no longer in the support scope of RHEL as per https://access.redhat.com/security/cve/cve-2023-3446 so the base version will not be receiving a patch. The same issue has been found with the ea-openssl package but this has since been patched within a recent update as per https://docs.cpanel.net/changelogs/e...hange-log-2023 in release EA-11578. Are you able to confirm if the alt-openssl package provided by the cloudlinux/imunify will be getting an update and any possible timeline for this? If there is no planned patch then confirmation of this is fine as I can push for migration/upgrades to an updated OS.
Thanks in advance.
Fazz
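The comparison behind the scan finding above (reported 1.1.1p against fixed 1.1.1v) can be repeated on the server after each update; this is an added example, not part of the original posts or of any CloudLinux tooling. The function names and the sample file are constructed for illustration, and GNU grep and sort are assumed.

```shell
#!/bin/sh
# Added example: compare the OpenSSL version banner embedded in a library
# file with the "Fixed version" from a scan report. Function names are
# hypothetical; the sample data at the bottom is constructed.

# Print the first "OpenSSL x.y.z[letters]" banner version found in file $1.
embedded_openssl_version() {
    LC_ALL=C grep -a -o -E 'OpenSSL [0-9]+\.[0-9]+\.[0-9]+[a-z]*' "$1" \
        | head -n 1 | cut -d' ' -f2
}

# Return 0 when version $1 is older than $2 (1.1.1p < 1.1.1v, 1.0.2k < 1.1.1v).
# sort -V orders the numeric parts first, then the letter suffix.
openssl_version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort -V | head -n 1)" = "$1" ]
}

# Report whether the library at $1 is older than the fixed release $2.
check_library() {
    lib="$1"
    fixed="$2"
    found="$(embedded_openssl_version "$lib")"
    if [ -z "$found" ]; then
        echo "UNKNOWN $lib (no version banner)"
    elif openssl_version_lt "$found" "$fixed"; then
        echo "OUTDATED $lib $found < $fixed"
    else
        echo "OK $lib $found >= $fixed"
    fi
}

# Constructed sample: a stand-in "library" carrying a 1.1.1p banner so the
# example runs offline. On a server, pass the path from the scan report
# (here /opt/alt/openssl11/lib64/libssl.so.1.1) instead of $sample.
sample="$(mktemp)"
printf 'ELF\000\000OpenSSL 1.1.1p  (constructed banner)\000\n' > "$sample"
check_library "$sample" 1.1.1v
rm -f "$sample"
```

`rpm -qf` on the reported path shows which installed package owns the file, which is worth checking here because the plugin output pairs a 1.1.1p library with package details for a 1.0.2k build. A banner comparison cannot see fixes that a vendor backports without changing the upstream version string.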