VisibleThread Help Center

    VisibleThread security update - OpenSSL (May 2016)

    Follow

    A number of vulnerabilities have been discovered in the OpenSSL library used by the VisbileThread Ubuntu operating system.

    OpenSSL is a cryptography library used on Linux servers.

     

    For more information on the vulnerabilities see http://www.ubuntu.com/usn/usn-2959-1/

     

    VisibleThread and Clarity Grader cloud customers

    Our operations team are currently working on patching our affected servers. Our cloud users will not be effected by this issue. We have no evidence to suggest that our VisibleThread servers were exploited by this vulnerability.

    VisibleThread on-premise customers

    Note: Your VisibleThread on-premise installation is self-contained and running behind your corporate firewall, so there is very little actual risk of being impacted by this issue

    VisibleThread on-premise customers running the Ubuntu 12.04 LTS operating system can patch their systems following the steps below.

    As with any update, its a good idea to snapshot or backup your VisibleThread VM before applying this. Note this update requires restarting the Apache web server, so while no application downtime is required some users may experience a small interruption in service.

     

    If your VisibleThread VM has access to the internet to download Ubuntu updates, all that is required is:

    sudo apt-get update

    sudo apt-get install openssl libssl1.0.0

    sudo service apache2 restart

     

    If  your VisibleThread server does not have access to the Ubuntu repositories, we have provided the necessary package updates as attachments to this post.

    1. Upload the attached .deb files to your VisibleThread server using ftp.

    2. On the VisibleThread server command line type the following:

    sudo dpkg -i libssl1.0.0_1.0.1-4ubuntu5.36_amd64.deb

    sudo dpkg -i openssl_1.0.1-4ubuntu5.36_amd64.deb

    sudo service apache2 restart

     

    Once you have completed the steps above you should type the following to verify:

    sudo dpkg -s libssl1.0.0

     

    This should output a version number which should read '1.0.1-4ubuntu5.36'

     

    Was this article helpful?
    0 out of 0 found this helpful

    Comments