Skip navigation

Upgrade of Openssl version 1.0.2g of Truesight 10.5 to Openssl version 1.0.2i or later 1.1.0.

score 5
You have not voted. Not Planned

This is to Upgrade of Open SSL version 1.0.2g of Truesight 10.5 to OpenSSL version 1.0.2i or later 1.1.0. Because, There is OpenSSL vulnerability (SWEET32 Mitigation (CVE-2016-2183)) which is severity LOW, SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms  that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based

ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in  OpenSSL 1.0.1 and OpenSSL 1.0.2.

To remediate this the recommendation is, need to upgrade the OpenSSL version as suggested.

OpenSSL 1.0.2 users should upgrade to 1.0.2i

OpenSSL 1.0.1 users should upgrade to 1.0.1u

 

Openssl default version of 10.5 is 1.0.2g , although sererity ls low, Not an official recommendation from BMC that "can upgrade the openssl to 1.0.2i or later 1.1.0" As this upgraded version of the OpenSSL is not tested and can't recommend to follow the steps mentioned in remediation. As per our security standards we need to upgrade the Versions to meet the Security Policies of us. In this case we need BMC Standby support, do we get standby support from BMC Support? if in case any issue occurs.

Comments

Vote history