How to update Security Analytics 6.6.x and 7.1.x openssl packages to address vulnerabilities


Article ID: 169171


Updated On:


Security Analytics


Referring to Security Advisories at,

Security Analytics 6.6.x and 7.1.x are vulnerable to CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, and CVE-2016-2109.  Security Analytics 6.6.x and 7.1.x are also vulnerable to CVE-2016-2107 when running on an AESNI-capable hardware platform.  See the Advisory Details section for more details.  


Upgrade to Security Analytics 7.2.x, which is not vulnerable.


If you are running 6.6.x or 7.1.x and are not ready to upgrade to 7.2.x, first upgrade to Security Analytics version 6.6.12 or 7.1.11. Then unzip and install the two attached RPMs to fix these vulnerabilities:

- openssl-1.0.1e-48.atpsa1.1.x86_64.rpm 
- openssl-libs-1.0.1e-48.atpsa1.1.x86_64.rpm 

  1. SCP the two RPM files to the SA appliance and place them in the /tmp directory
  2. Run the command 'rpm -U name_of_file.rpm'
  3. Reboot the appliance
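
A check that can follow the steps above, as an added example that is not part of the original article: it compares the installed openssl and openssl-libs builds with the two RPM file names listed here. The function names are hypothetical, and the check assumes `rpm -q --qf` output in `name version-release.arch` form.

```shell
#!/bin/sh
# Added example (not from the article): confirm that both packages named in
# the article are installed at the listed build.

# Expected builds, taken from the RPM file names in the article.
EXPECTED="openssl 1.0.1e-48.atpsa1.1.x86_64
openssl-libs 1.0.1e-48.atpsa1.1.x86_64"

# query_installed: print "name version-release.arch" for each package.
# A package that is absent yields "package X is not installed", which
# never matches an expected line below.
query_installed() {
    rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' openssl openssl-libs
}

# check_openssl_fix: read query output on stdin, print one status line per
# expected package, and return 0 only if every expected build is present.
check_openssl_fix() {
    installed=$(cat)
    rc=0
    while read -r name build; do
        if printf '%s\n' "$installed" | grep -Fqx "$name $build"; then
            echo "OK       $name $build"
        else
            # Report what is installed instead (first match), or "none".
            have=$(printf '%s\n' "$installed" |
                   awk -v n="$name" '$1 == n {print $2; exit}')
            echo "MISMATCH $name expected=$build installed=${have:-none}"
            rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return $rc
}

# On the appliance, after step 2:
#   query_installed | check_openssl_fix
```

A non-zero exit status means at least one of the two packages is not at the build named in this article.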
