Security Alert (A15-06-04): Multiple Vulnerabilities in OpenSSL
Posted by Ondrej Vanek, Last modified by Ondrej Vanek on 11 December 2015 08:34 AM

Regarding the OpenSSL vulnerability issues covered by Security Alert (A15-06-04) please upgrade openssl libraries in your system. In order to that follow the procedure described further below.

 

Afected Systems:

 

OpenSSL versions prior to 0.9.8zg, 1.0.0s, 1.0.1n or 1.0.2b 

All current versions of IceWarp Server are using affected versions of OpenSSL libraries.

 

IceWarp Server versions 10.0.5-10.4.1 are using 0.9.8x product version of OpenSSL

IceWarp Server versions 10.4.2-11.0.0 build 2 are using 1.0.0x product version of OpenSSL

IceWarp Server versions 11.0.0 build 3 and later are using 1.0.1x product version of OpenSSL. 

 

On Windows

 

a) IceWarp Server 32 bit version

  1. check the product version of your IceWarp OpenSSL libraries located in installation directory
  2. stop all services, wait until all php session ends or kill them
  3. rename ssleay32.dll and libeay32.dll to e.g. ssleay.dll.old (for backup purposes)
  4. import new OpenSSL libraries of the same product version (same numbers, but higher letter than prior versions mentioned in affected systems) to IceWarp Server installation directory
  5. restart all services

Feel free to update to the latest OpenSSL libraries of the same product version.

 

b) IceWarp Server 64 bit version

  1. follow steps 1 and 2 from instruction for 32 bit version of IceWarp Server
  2. rename ssleay32.dll, ssleay64.dll, libeay32.dll, libeay64.dll (viz. step 3 of previous article)
  3. replace files mentioned in previous step with attached OpenSSL libraries version 1.0.1x (only for this product version! -usable for Icewarp Server 11.0.0 build 3 and later)
  4. restart all services

 

On Linux

1) update your operating system

 

© o.vanek



Attachments 
 
 openssl1.0.1o64bit.zip (1.66 MB)
(5 vote(s))
Helpful
Not helpful

Comments (0)