On 1/26/24 10:29, Hermann, Raphael P. via Tech-talk wrote:
Dear colleagues,
I’m running epics on a lab computer and ORNL IT safety flags a few vulnerabilities related to OpenSSL:
/opt/epics/extensions/lib/linux-x86_64/libcrypto.so.1.1 Reported version : 1.1.1 Fixed version : 1.1.1a
/opt/epics/extensions/lib/linux-x86_64/libcrypto.so.1.0.0 Reported version : 1.0.1d Fixed version : 1.0.1g
I’ve recompile the latest base distribution after updating OpenSSL, but it seems this library is not pulled from the system.
Do you have any advice on patching this?
I would suggest first finding if any running process has actually loaded
this library.
fyi. a google search for something like "linux find process using library"
should lead you to the 'lsof' and/or 'fuser' CLI commands.
For example. fuser shows many processes on my laptop which have loaded
libcrypt.so from the system location. cf. "man fuser" for the significance
of the trailing 'm'.
sudo fuser /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0
/usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0: 1m 659m 822m 1015m 1177m 1220m 1222m 1225m 1227m 1229m 1230m 1231m 1232m 1628m 1630m 1631m 2554m 2555m 2931m 2932m 3537m 3539m 3673m 3685m 14161m 14162m 24017m 24018m 37014m 37015m
- References:
- OpenSSL vulnerability epics Hermann, Raphael P. via Tech-talk
- Navigate by Date:
- Prev:
Re: areaDetector monthly meeting Marco A. Barra Montevechi Filho via Tech-talk
- Next:
RE: MAXnet ld:Can't open "omsAsyn.munch": No such file or directory. Mark Rivers via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
<2024>
- Navigate by Thread:
- Prev:
Re: [EXTERNAL] OpenSSL vulnerability epics Hartman, Steven via Tech-talk
- Next:
known problem with the reccaster on Windows? Heinz Junkes via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
<2024>
|