| Author |
|
Alok Pandey
Joined: 25 Apr 2024
Posts: 3
Location: India, Bangalore
|
 Posted: Thu 25 Apr '24 12:37 Post subject: Updating OpenSSL to 3.1.6 or Later |
 |
|
Hello,
In vulnerability scans have picked up out-of-date OpenSSL files within an Apache install. The current version of Apache is 2.4.59 and the version of openssl inside it is 3.1.5.
Scans recommend updating openssl to 3.1.6 or later to resolve the specified vulnerability (Vulnerability Plugin ID : 192974).
Please let us know how to update openssl to 3.16 or later ? |
|
| Back to top |
|
admin
Site Admin
Joined: 15 Oct 2005
Posts: 692
|
| Posted: Thu 25 Apr '24 13:02 Post subject: |
|
|
| 3.1.6 not released yet. |
|
| Back to top |
|
Alok Pandey
Joined: 25 Apr 2024
Posts: 3
Location: India, Bangalore
|
| Posted: Thu 25 Apr '24 13:10 Post subject: |
|
|
As i can see the latest release is OpenSSL 3.3.0. Is there any way to update Apache 2.4.59 with OpenSSL 3.3.0.
Then it will not come in vulnerability scan report. |
|
| Back to top |
|
admin
Site Admin
Joined: 15 Oct 2005
Posts: 692
|
| Posted: Thu 25 Apr '24 14:25 Post subject: |
|
|
No plans for 3.3.0 yet.
The Vulnerability Plugin ID : 192974 :
Note from OpenSSL :
Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time.
The fix will be included in the next releases when they become available. |
|
| Back to top |
|
Alok Pandey
Joined: 25 Apr 2024
Posts: 3
Location: India, Bangalore
|
| Posted: Thu 25 Apr '24 14:30 Post subject: |
|
|
Thank you  |
|
| Back to top |
|
