The Cyber Security group at our organization, has identified a number of vulnerabilities in the Broadcom API Gateway.  These boil down to needing an updated Java and OpenSSL.

Can you tell us when we can expect these or any other remediation that may be needed?  

The details:


OpenSSL Per CentOS Errata and Security Advisory 2022:1066 (CESA-2022:1066), the current version of openssl plugin (openssl-1.0.2k-24.el7_9) and library (openssl-libs-1.0.2k-24.el7_9) needs to updated to version xxx.1.0.2k-25.el7_9; is there an oncoming patch release to mitigate these vulnerabilities?

Release : 10.1

Component : API GATEWAY

OpenSSL Per CentOS Errata and Security Advisory 2022:1066 (CESA-2022:1066) has been fixed/added to the March Monthly Platform Patch for API Gateway 10.0 .

Layer7_API_PlatformUpdate_64bit_v10.X-CentOS-2022-03-29.L7P

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/release-announcements/CA-API-Gateway-Solutions--Patches/3024

Gateway 10.1 before platform patch:

# rpm -qa openssl

openssl-1.0.2k-22.el7_9.x86_64

Gateway 10.1 after platform patch:

# rpm -qa openssl

openssl-1.0.2k-25.el7_9.x86_64

[[email protected] ~]#