1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 <2024> | Index | 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 <2024> |
<== Date ==> | <== Thread ==> |
---|
Subject: | OpenSSL vulnerability epics |
From: | "Hermann, Raphael P. via Tech-talk" <tech-talk at aps.anl.gov> |
To: | "tech-talk at aps.anl.gov" <tech-talk at aps.anl.gov> |
Date: | Fri, 26 Jan 2024 15:29:09 +0000 |
Dear colleagues, I’m running epics on a lab computer and ORNL IT safety flags a few vulnerabilities related to OpenSSL: /opt/epics/extensions/lib/linux-x86_64/libcrypto.so.1.1 Reported version : 1.1.1 Fixed version : 1.1.1a /opt/epics/extensions/lib/linux-x86_64/libcrypto.so.1.0.0 Reported version : 1.0.1d Fixed version : 1.0.1g I’ve recompile the latest base distribution after updating OpenSSL, but it seems this library is not pulled from the system. Do you have any advice on patching this?
Raphael Hermann -- Raphaël P. Hermann (he/him/his) Senior Researcher Neutron and X-ray Scattering Group Materials Science and Technology Division Oak Ridge National Laboratory Bldg. 4515, Rm. 233, MS-6064 Oak Ridge, TN 37831-6064 USA Phone: 865-576-4264 *Valid for package delivery. // For USPS service only: Replace with
P.O. Box 2008 |