Jump to content

Featured Replies

Posted
comment_253

Hi Guys!

Trying to find info, I got here! and I've seen plenty of very interesting things!!

I hope anyone can help me out..

I have a server with Centos 7.9 and CWP..

problem is, after a penetration test, they say that a critical issue showed up.. and need to be fixed

CVE-2022-2068..

I have OpenSSL 1.0.2k-fips  26 Jan 2017 in the system. (this is what openssl version shows)

but in php it shows..

OpenSSL Library Version OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL Header Version OpenSSL 1.0.1e-fips 11 Feb 2013

 

Anyway..

I found a way to update openssl in the system.. on the CWP forum.. I followed this.. https://forum.centos-webpanel.com/index.php?topic=4441.0

yum install install gcc gcc-c++ pcre-devel zlib-devel make unzip gd-devel perl-ExtUtils-Embed libxslt-devel openssl-devel perl-Test-Simple

yum groupinstall 'Development Tools'
cd /usr/src
wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1v.tar.gz
tar xvf openssl-1.1.1v.tar.gz
mv openssl-1.1.1v openssl
cd openssl
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl --libdir=/lib64 shared zlib-dynamic
make -j4
make test
make install

mv /usr/bin/openssl /usr/bin/openssl-backup
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

Rebuild apache.

now If I do openssl version It shows 

it shows 

_SERVER["SERVER_SOFTWARE"] Apache/2.4.57 (Unix) OpenSSL/1.1.1v
SERVER_SOFTWARE Apache/2.4.57 (Unix) OpenSSL/1.1.1v

 

But the php openssl remains..

OpenSSL Library Version OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL Header Version

OpenSSL 1.0.1e-fips 11 Feb 2013

I think I have to recompile php.. I did once but everything remains.. the same version.. 😞

I think I'll have to do it manually but I have the feeling I can end up breaking things in CWP..

Is there a way to update the php libraries without breaking cwp? 

thank all of you for reading and special thanks to those who can help me out!

 

Edited by CyberFred

Solved by CyberFred

Go to solution
comment_255

centos/el uses backporting for security fixes the version will show old but the security vulnerability is already fixed via yum update

also centos 7 is ending in few months consider upgrading to almalinux8/centos 8 stream

and it is not recommended to update the openssl in centos/el OS because this will break many dependencies.

 

to upgrade apache webserver openssl you can use this tutorial 

 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now