Jump to: navigation, search

SUPPORT COMMUNICATION - CUSTOMER ADVISORY - 22605122016

Summary

Element Description
Document ID 22605122016
Version 1
Advisory category Advisory
Impact Low Risk
OS version Centos 6 or RedHat 6
MCS version Pending
Release date 5 December 2016
Last updated 5 December 2016
Integrated MCS Version Pending
Keywords openssl update
Apply on DR Secondary server Apply on DR secondary. Skip service restart steps.

Description

  • Upgrade openssl to version openssl-1.0.1e-48.el6_8.3.x86_64 and openssl-devel-1.0.1e-48.el6_8.3.x86_64. This advisory provides the updated openssl.
  • Solves CRIME vulnerability also.

Patch Name

  • NA

Patch Installation

(Note: rpm's containing in above tar are for CentOS. We have tested on CentOS. These rpms cannot be directly installed on RHEL6.)

  • Check running services
/mithi/mcs/bin/manageservices.sh --listrunning > running_services_before.txt
  • Run DROWN-test.sh script.
cd Openssl_security_update/
sh DROWN-test.sh

Running it should show that the server is vulnerable to DROWN.
  • Check and find current openssl version for rollback.
  • Upgrade openssl
cd Openssl_security_update/
rpm -Uvh openssl*.rpm
  • Restart all running services
ListOfServices=$(/mithi/mcs/bin/manageservices.sh --listrunning | sed 's/drbd,//' | sed 's/iptables,//')
/mithi/mcs/bin/manageservices.sh --restartservices $ListOfServices
  • Compare running services with services in running_services_before.txt
  • Check that openssl rpm's upgraded
rpm -qa | grep openssl
  • Testing
Login using imaps and pops
Webchat and Chat History
SMTP+TLS login

Patch Uninstallation

  • Install old rpms using force
rpm --force -Uvh openssl*.rpm
  • Restart all running services
ListOfServices=$(/mithi/mcs/bin/manageservices.sh --listrunning | sed 's/drbd,//' | sed 's/iptables,//')
/mithi/mcs/bin/manageservices.sh --restartservices $ListOfServices
  • Check that all service are running comparing with the original list.
  • Testing
Login using imaps and pops
Webchat and Chat History
SMTP+TLS login