How to update Security Analytics 6.6.x and 7.1.x openssl packages to address vulnerabilities

Article Id: 169171
Status: Published
Updated On: 14-03-2019 14:55
Legacy Id: TECH246009
Products:
Security Analytics
Issue/Introduction:

Referring to Security Advisories at https://support.symantec.com/en_US/article.SYMSA1363.html,

Security Analytics 6.6.x and 7.1.x are vulnerable to CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, and CVE-2016-2109.  Security Analytics 6.6.x and 7.1.x are also vulnerable to CVE-2016-2107 when running on an AESNI-capable hardware platform.  See the Advisory Details section for more details.  

Resolution:

Upgrade to Security Analytics 7.2.x, which is not vulnerable.

Workaround

If you are running 6.6.x or 7.1.x and are not ready to upgrade to 7.2.x, please upgrade first to Security Analytics version 6.6.12 or 7.1.11.  Then unzip and install the 2 RPMs attached to fix this vulnerabilities. 

- openssl-1.0.1e-48.atpsa1.1.x86_64.rpm 
- openssl-libs-1.0.1e-48.atpsa1.1.x86_64.rpm 

  1. SCP the two rpm files to the SA appliance and place in the /tmp directory
  2. Run the command 'rpm -U name_of_file.rpm'
  3. Reboot the appliance

insert_drive_file SA123.zip
arrow_downward Download