Security scan flags OpenSSL/0.9.8za as security risk
- Product: Aleph
- Product Version: 20, 21, 22, 23
- Relevant for Installation Type: Dedicated-Direct, Direct, Local, Total Care
Description
In doing security scans on our Aleph website, our IT department flagged OpenSSL as being a security risk. The version we run is OpenSSL/0.9.8za.
The suggestion is that this software be upgraded to version 1.1.0 or better.
Resolution
Aleph V22 and V23 support openssl-1.0.2k. OpenSSL is updated as part of the "Download the Third-Party Product Updates (util SP 6)" step of the Service Pack. (It seems that this was not done as part of the most recent Service Pack application.)
The downloaded Third-Party Product Updates included openssl-1.0.2k, which has met the site's security requirements.
See also the article: Determine Version of OpenSSL Software used by an Ex Libris Product.
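A check for confirming that the update took effect, as an added example that is not Ex Libris code: it reads the OpenSSL token out of a server banner in the `OpenSSL/0.9.8za` form the scan reported and compares it with a minimum release. The banner strings are constructed samples and the function names are hypothetical.

```python
import re

# OpenSSL releases before 3.0 are MAJOR.MINOR.FIX plus an optional letter
# suffix that runs a..z and then za, zb, ... (for example 0.9.8za, 1.0.2k).
_TOKEN = re.compile(r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?![\w.])", re.IGNORECASE)
_BARE = re.compile(r"^(?:openssl-)?(\d+)\.(\d+)\.(\d+)([a-z]{0,2})$", re.IGNORECASE)


def _key(match):
    major, minor, fix, letters = match.groups()
    letters = letters.lower()
    # Sorting on (length, letters) gives "" < "a" < ... < "z" < "za" < "zb".
    return (int(major), int(minor), int(fix), len(letters), letters)


def parse_version(text):
    """Turn '1.0.2k' or 'openssl-1.0.2k' into a sortable tuple."""
    match = _BARE.match(text.strip())
    if match is None:
        raise ValueError(f"not an OpenSSL x.y.z[letter] version: {text!r}")
    return _key(match)


def openssl_in_banner(banner):
    """Return the sortable version from a banner, or None if it has no OpenSSL token."""
    match = _TOKEN.search(banner)
    return _key(match) if match else None


def meets_minimum(banner, minimum):
    """True/False if the banner's OpenSSL is at least `minimum`; None if not advertised."""
    found = openssl_in_banner(banner)
    if found is None:
        return None
    return found >= parse_version(minimum)


# Constructed sample banners; only the OpenSSL tokens come from the article.
BEFORE = "Apache (Unix) OpenSSL/0.9.8za"
AFTER = "Apache (Unix) OpenSSL/1.0.2k"

if __name__ == "__main__":
    for label, banner in (("before", BEFORE), ("after", AFTER)):
        for minimum in ("1.0.2k", "1.1.0"):
            print(label, ">=", minimum, "->", meets_minimum(banner, minimum))
```

A `None` result means the banner does not advertise OpenSSL at all, in which case the version has to be read from the installed software on the host.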
- Article last edited: 28-Mar-2018