AIX Open Source

 View Only
  • 1.  httpd 2.4.59 openssl libs included still vulnerable ?

    Posted Fri June 07, 2024 05:24 AM

    Hi there

    The newest version of Apache httpd 2.4.59 still shows up in our Tenable scans as vulnerable for OpenSSL/1.1.1v. Is it planned to be updated to a newer version of openssl (maybe version 3)?

    Thanks in advacne and kind regards,

    Stefano



    ------------------------------
    Stefano Calisto
    ------------------------------


  • 2.  RE: httpd 2.4.59 openssl libs included still vulnerable ?

    Posted Wed June 12, 2024 09:02 AM
    Edited by SANGAMESH MALLAYYA Wed June 12, 2024 09:01 AM

    Hi Stefano,

    We are planning to start building our toolbox packages with openssl3 from next quarter.



    ------------------------------
    SANGAMESH
    ------------------------------



  • 3.  RE: httpd 2.4.59 openssl libs included still vulnerable ?

    Posted 25 days ago

    I have a couple questions :

    • Does OpenSSL v. 3 run on AIX 7.2 ?
    • What ETA can we tell our security department when the fixes will arrive ?

    Thanks



    ------------------------------
    Scott Gruber
    ------------------------------



  • 4.  RE: httpd 2.4.59 openssl libs included still vulnerable ?

    Posted 25 days ago

    Yes openssl v3 available and runs on AIX 7.2

     

    Thanks,

     

    Sanket Rathi