VisibleThread Help Center

    VisibleThread Security Update OpenSSL (September 2016)

    Follow

    A number of vulnerabilities have been discovered and patched in the OpenSSL library over the last number of days. The OpenSSL library is used by servers and other devices all over the world to manage securing communications.

    For more information on the vulnerabilities see http://www.ubuntu.com/usn/usn-3087-2/

     

    VisibleThread and Clarity Grader cloud customers

    Our cloud servers including both VisibleThread Docs and Clarity Grader have already been patched with the latest OpenSSL fixes. Our cloud users are not affected by this issue.

    VisibleThread on-premise customers

    Note: Your VisibleThread on-premise installation is self-contained and running behind your corporate firewall, so there is very little actual risk of being impacted by this issue

    VisibleThread on-premise customers running the Ubuntu 12.04 LTS operating system can patch their systems following the steps below.

    As with any update, its a good idea to snapshot or backup your VisibleThread VM before applying this. Note this update requires restarting the Apache web server, so while no application downtime is required some users may experience a small interruption in service.

     

    If your VisibleThread VM has access to the internet to download Ubuntu updates, all that is required is:

    sudo apt-get update

    sudo apt-get install openssl libssl1.0.0

    sudo service apache2 restart

     

    If  your VisibleThread server does not have access to the Ubuntu repositories, we have provided the necessary package updates as attachments to this post.

    1. Upload the attached .deb files to your VisibleThread server using ftp.

    2. On the VisibleThread server command line type the following:

    sudo dpkg -i libssl1.0.0_1.0.1-4ubuntu5.38_amd64.deb

    sudo dpkg -i openssl_1.0.1-4ubuntu5.38_amd64.deb

    sudo service apache2 restart

     

    Once you have completed the steps above you should type the following to verify:

    sudo dpkg -s libssl1.0.0

     

    This should output a version number which should read '1.0.1-4ubuntu5.38'

     

    Was this article helpful?
    0 out of 0 found this helpful

    Comments