Posted November 7, 20231 yr Hi Guys! Trying to find info, I got here! and I've seen plenty of very interesting things!! I hope anyone can help me out.. I have a server with Centos 7.9 and CWP.. problem is, after a penetration test, they say that a critical issue showed up.. and need to be fixed CVE-2022-2068.. I have OpenSSL 1.0.2k-fips 26 Jan 2017 in the system. (this is what openssl version shows) but in php it shows.. OpenSSL Library Version OpenSSL 1.0.1e-fips 11 Feb 2013 OpenSSL Header Version OpenSSL 1.0.1e-fips 11 Feb 2013 Anyway.. I found a way to update openssl in the system.. on the CWP forum.. I followed this.. https://forum.centos-webpanel.com/index.php?topic=4441.0 yum install install gcc gcc-c++ pcre-devel zlib-devel make unzip gd-devel perl-ExtUtils-Embed libxslt-devel openssl-devel perl-Test-Simple yum groupinstall 'Development Tools' cd /usr/src wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1v.tar.gz tar xvf openssl-1.1.1v.tar.gz mv openssl-1.1.1v openssl cd openssl ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl --libdir=/lib64 shared zlib-dynamic make -j4 make test make install mv /usr/bin/openssl /usr/bin/openssl-backup ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl Rebuild apache. now If I do openssl version It shows it shows _SERVER["SERVER_SOFTWARE"] Apache/2.4.57 (Unix) OpenSSL/1.1.1v SERVER_SOFTWARE Apache/2.4.57 (Unix) OpenSSL/1.1.1v But the php openssl remains.. OpenSSL Library Version OpenSSL 1.0.1e-fips 11 Feb 2013 OpenSSL Header Version OpenSSL 1.0.1e-fips 11 Feb 2013 I think I have to recompile php.. I did once but everything remains.. the same version.. 😞 I think I'll have to do it manually but I have the feeling I can end up breaking things in CWP.. Is there a way to update the php libraries without breaking cwp? thank all of you for reading and special thanks to those who can help me out! Edited November 7, 20231 yr by CyberFred
November 7, 20231 yr centos/el uses backporting for security fixes the version will show old but the security vulnerability is already fixed via yum update also centos 7 is ending in few months consider upgrading to almalinux8/centos 8 stream and it is not recommended to update the openssl in centos/el OS because this will break many dependencies. to upgrade apache webserver openssl you can use this tutorial
November 7, 20231 yr Author Solution Thank you Sandeep, I'm considering Rocky linux 8.8.. is alma better? thanks!
November 8, 20231 yr 12 hours ago, CyberFred said: Thank you Sandeep, I'm considering Rocky linux 8.8.. is alma better? thanks! i always preferer stream OS and alma is better than rocky
November 8, 20231 yr Author 6 hours ago, Sandeep B. said: i always preferer stream OS and alma is better than rocky Thanks Sandeep I was leaning towards rockybut if you consider alma better, then I should consider that..
Create an account or sign in to comment