Dear colleagues,
I’m running epics on a lab computer and ORNL IT safety flags a few vulnerabilities related to OpenSSL:
/opt/epics/extensions/lib/linux-x86_64/libcrypto.so.1.1 Reported version : 1.1.1 Fixed version : 1.1.1a
/opt/epics/extensions/lib/linux-x86_64/libcrypto.so.1.0.0 Reported version : 1.0.1d Fixed version : 1.0.1g
I’ve recompile the latest base distribution after updating OpenSSL, but it seems this library is not pulled from the system.
Do you have any advice on patching this?
Thanks
Raphael Hermann
Raphaël P. Hermann (he/him/his)
Senior Researcher
Neutron and X-ray Scattering Group
Materials Science and Technology Division
Oak Ridge National Laboratory
Bldg. 4515, Rm. 233, MS-6064
1, Bethel Valley Rd*
Oak Ridge, TN 37831-6064 USA
Phone: 865-576-4264
*Valid for package delivery. // For USPS service only: Replace with
P.O. Box 2008