CyberFred Posted November 7 (edited)

Hi Guys!

Trying to find info, I got here, and I've seen plenty of very interesting things! I hope anyone can help me out.

I have a server with CentOS 7.9 and CWP. The problem is, after a penetration test, they say that a critical issue showed up and needs to be fixed: CVE-2022-2068.

I have OpenSSL 1.0.2k-fips 26 Jan 2017 in the system (this is what openssl version shows), but in PHP it shows:

    OpenSSL Library Version OpenSSL 1.0.1e-fips 11 Feb 2013
    OpenSSL Header Version OpenSSL 1.0.1e-fips 11 Feb 2013

Anyway, I found a way to update OpenSSL in the system on the CWP forum. I followed this:

https://forum.centos-webpanel.com/index.php?topic=4441.0

    # build dependencies
    yum install gcc gcc-c++ pcre-devel zlib-devel make unzip gd-devel perl-ExtUtils-Embed libxslt-devel openssl-devel perl-Test-Simple
    yum groupinstall 'Development Tools'
    # fetch and unpack the source
    cd /usr/src
    wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1v.tar.gz
    tar xvf openssl-1.1.1v.tar.gz
    mv openssl-1.1.1v openssl
    cd openssl
    # build and install under /usr/local/openssl
    ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl --libdir=/lib64 shared zlib-dynamic
    make -j4
    make test
    make install
    # replace the system binary with a symlink to the new build
    mv /usr/bin/openssl /usr/bin/openssl-backup
    ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

Rebuild apache.

Now if I do openssl version it shows

    _SERVER["SERVER_SOFTWARE"] Apache/2.4.57 (Unix) OpenSSL/1.1.1v
    SERVER_SOFTWARE Apache/2.4.57 (Unix) OpenSSL/1.1.1v

But the PHP OpenSSL remains:

    OpenSSL Library Version OpenSSL 1.0.1e-fips 11 Feb 2013
    OpenSSL Header Version OpenSSL 1.0.1e-fips 11 Feb 2013

I think I have to recompile PHP. I did once, but everything remains the same version. 😞

I think I'll have to do it manually, but I have the feeling I can end up breaking things in CWP. Is there a way to update the PHP libraries without breaking CWP?

Thank you all for reading, and special thanks to those who can help me out!

Edited November 7 by CyberFred

Sandeep B. Posted November 7

CentOS/EL uses backporting for security fixes. The version will show old, but the security vulnerability is already fixed via yum update.

Also, CentOS 7 is ending in a few months; consider upgrading to AlmaLinux 8/CentOS 8 Stream. It is not recommended to update OpenSSL in a CentOS/EL OS because this will break many dependencies.

To upgrade the Apache webserver OpenSSL you can use this tutorial

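Added example (not part of the thread): one way to check the backporting claim in the reply above is to search the package's RPM changelog for the CVE id instead of relying on the upstream version string. The function name `cve_fixed_in` and the sample changelog are constructed for illustration; on the server the input would come from `rpm -q --changelog openssl`.

```shell
#!/bin/sh
# Added example: look up a CVE id in RPM changelog text.
# Real use on the server:
#   rpm -q --changelog openssl | cve_fixed_in CVE-2022-2068

# cve_fixed_in CVE-ID
# Reads `rpm -q --changelog` output on stdin. Prints the header line of every
# changelog entry that mentions the CVE id and returns 0; returns 1 if no
# entry mentions it.
cve_fixed_in() {
    awk -v cve="$1" '
        # Entry header: "* <date> <packager> - <version-release>"
        /^\* / { header = $0; next }
        # Match the id only when no further digit follows, so that
        # CVE-0000-1111 is not reported because CVE-0000-11112 is listed.
        header != "" && $0 ~ (cve "([^0-9]|$)") {
            if (!(header in seen)) { print header; seen[header] = 1 }
            found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample input (fake ids, packager and releases), shaped like
# `rpm -q --changelog` output so the function can be tried offline.
SAMPLE_CHANGELOG='* Tue Jan 02 2024 Example Packager <pkg@example.invalid> - 1.0.2k-99
- fix CVE-0000-1111 - constructed entry
- rebuild

* Mon Jan 01 2024 Example Packager <pkg@example.invalid> - 1.0.2k-98
- fix CVE-0000-11112 - constructed entry'

# Demo on the constructed sample: prints the header of the 1.0.2k-99 entry.
printf '%s\n' "$SAMPLE_CHANGELOG" | cve_fixed_in CVE-0000-1111
```

A miss only means the changelog does not mention the id; the distribution's security advisory for the package remains the authority on whether the installed build is affected.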
CyberFred Posted November 7 (Author, Solution)

Thank you Sandeep, I'm considering Rocky Linux 8.8. Is Alma better? Thanks!

Sandeep B. Posted November 8

> 12 hours ago, CyberFred said:
> Thank you Sandeep, I'm considering Rocky Linux 8.8. Is Alma better? Thanks!

I always prefer stream OS, and Alma is better than Rocky.

CyberFred Posted November 8 (Author)

> 6 hours ago, Sandeep B. said:
> I always prefer stream OS, and Alma is better than Rocky.

Thanks Sandeep, I was leaning towards Rocky, but if you consider Alma better, then I should consider that.