A number of vulnerabilities have been discovered in the OpenSSL library used by the VisbileThread Ubuntu operating system.
OpenSSL is a cryptography library used on Linux servers.
For more information on the vulnerabilities see http://www.ubuntu.com/usn/usn-2959-1/
VisibleThread and Clarity Grader cloud customers
Our operations team are currently working on patching our affected servers. Our cloud users will not be effected by this issue. We have no evidence to suggest that our VisibleThread servers were exploited by this vulnerability.
VisibleThread on-premise customers
Note: Your VisibleThread on-premise installation is self-contained and running behind your corporate firewall, so there is very little actual risk of being impacted by this issue
VisibleThread on-premise customers running the Ubuntu 12.04 LTS operating system can patch their systems following the steps below.
As with any update, its a good idea to snapshot or backup your VisibleThread VM before applying this. Note this update requires restarting the Apache web server, so while no application downtime is required some users may experience a small interruption in service.
If your VisibleThread VM has access to the internet to download Ubuntu updates, all that is required is:
sudo apt-get update
sudo apt-get install openssl libssl1.0.0
sudo service apache2 restart
If your VisibleThread server does not have access to the Ubuntu repositories, we have provided the necessary package updates as attachments to this post.
1. Upload the attached .deb files to your VisibleThread server using ftp.
2. On the VisibleThread server command line type the following:
sudo dpkg -i libssl1.0.0_1.0.1-4ubuntu5.36_amd64.deb
sudo dpkg -i openssl_1.0.1-4ubuntu5.36_amd64.deb
sudo service apache2 restart
Once you have completed the steps above you should type the following to verify:
sudo dpkg -s libssl1.0.0
This should output a version number which should read '1.0.1-4ubuntu5.36'