• Product: Aleph
• Product Version: 20, 21, 22, 23
• Relevant for Installation Type: Dedicated-Direct, Direct, Local, Total Care

Problem Symptoms:
Are Ex Libris products affected by OpenSSL Security Advisory CVE-2014-0224?
See http://www.openssl.org/news/secadv_20140605.txt

Cause:
Defect in OpenSSL version 0.9.8

Resolution:
Upgrade the OpenSSL:
OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.

Additional Information
Update on 19 June 2014:
You can now download OpenSSL version 0.9.8za from our ftp servers using 
UTIL SP 6. Download 3rd party products update

More information about how to upgrade the third-party products can be found in the following documents:
(1)
Aleph:
Chapter 9 "Downloading and installing third-party product updates " of the document "The Aleph Service Pack Mechanism Version 22"
(2)
Primo:
Section "Installing Third-Party Product Updates" of the document "Primo Service Pack Installation Guide Version 4.x".

• Article last edited: 6-Jun-2016