AIX Open Source

Hi there

The newest version of Apache httpd 2.4.59 still shows up in our Tenable scans as vulnerable for OpenSSL/1.1.1v. Is it planned to be updated to a newer version of openssl (maybe version 3)?

Thanks in advacne and kind regards,

Stefano

------------------------------
Stefano Calisto
------------------------------

Hi Stefano,

We are planning to start building our toolbox packages with openssl3 from next quarter.

------------------------------
SANGAMESH

Original Message:
Sent: Fri June 07, 2024 05:23 AM
From: Stefano Calisto
Subject: httpd 2.4.59 openssl libs included still vulnerable ?

Hi there

The newest version of Apache httpd 2.4.59 still shows up in our Tenable scans as vulnerable for OpenSSL/1.1.1v. Is it planned to be updated to a newer version of openssl (maybe version 3)?

Thanks in advacne and kind regards,

Stefano

------------------------------
Stefano Calisto
------------------------------

I have a couple questions :

• Does OpenSSL v. 3 run on AIX 7.2 ?
• What ETA can we tell our security department when the fixes will arrive ?

Thanks

Hi Stefano,

We are planning to start building our toolbox packages with openssl3 from next quarter.

------------------------------
SANGAMESH

Original Message:
Sent: Fri June 07, 2024 05:23 AM
From: Stefano Calisto
Subject: httpd 2.4.59 openssl libs included still vulnerable ?

Hi there

The newest version of Apache httpd 2.4.59 still shows up in our Tenable scans as vulnerable for OpenSSL/1.1.1v. Is it planned to be updated to a newer version of openssl (maybe version 3)?

Thanks in advacne and kind regards,

Stefano

------------------------------
Stefano Calisto
------------------------------