A number of vulnerabilities have been discovered and patched in the OpenSSL library over the last number of days. The OpenSSL library is used by servers and other devices all over the world to manage securing communications.
For more information on the vulnerabilities see http://www.ubuntu.com/usn/usn-3087-2/
VisibleThread and Clarity Grader cloud customers
Our cloud servers including both VisibleThread Docs and Clarity Grader have already been patched with the latest OpenSSL fixes. Our cloud users are not affected by this issue.
VisibleThread on-premise customers
Note: Your VisibleThread on-premise installation is self-contained and running behind your corporate firewall, so there is very little actual risk of being impacted by this issue
VisibleThread on-premise customers running the Ubuntu 12.04 LTS operating system can patch their systems following the steps below.
As with any update, its a good idea to snapshot or backup your VisibleThread VM before applying this. Note this update requires restarting the Apache web server, so while no application downtime is required some users may experience a small interruption in service.
If your VisibleThread VM has access to the internet to download Ubuntu updates, all that is required is:
sudo apt-get update
sudo apt-get install openssl libssl1.0.0
sudo service apache2 restart
If your VisibleThread server does not have access to the Ubuntu repositories, we have provided the necessary package updates as attachments to this post.
1. Upload the attached .deb files to your VisibleThread server using ftp.
2. On the VisibleThread server command line type the following:
sudo dpkg -i libssl1.0.0_1.0.1-4ubuntu5.38_amd64.deb
sudo dpkg -i openssl_1.0.1-4ubuntu5.38_amd64.deb
sudo service apache2 restart
Once you have completed the steps above you should type the following to verify:
sudo dpkg -s libssl1.0.0
This should output a version number which should read '1.0.1-4ubuntu5.38'