Upgrade OpenSSL on a system with an internet connection
Upgrade the OpenSSL component for a running InsightIQ 4.1.3.x or InsightIQ 4.1.4.x system to address the security vulnerability: CVE-2021-3712. These steps show how to upgrade OpenSSL to version 1.1.1l on a site with an internet connection.
Determine whether an upgrade is required: see steps in
Upgrade OpenSSL.
Recommended:
Export the InsightIQ datastore to a location that is not on the InsightIQ host system. This database export can be used if a recovery is needed.
Recommended: Ensure or walk through the procedure on a different system before applying these changes to a production system.
NOTE The last letter of version 1.1.1l is the lower-case letter L.
Remove the previously-installed version of OpenSSL. The commands used to uninstall OpenSSL depend on the version you are uninstalling. For example:
Download the installation files for OpenSSL 1.1.1l or later from
https://www.openssl.org/source/, and then transfer them to the InsightIQ host.
Install dependencies required to install OpenSSL. The commands may be different for other Linux versions. For example, to update CentOS 7.8 or 7.9:
sudo yum install -y make gcc perl pcre-devel zlib-devel perl-core
Verify the installation file by comparing the MD5 checksum value.
md5sum openssl-1.1.1l.tar.gz
For example, for OpenSSL 1.1.1l, the MD5 checksum should be:
ac0d4387f3ba0ad741b0580dd45f6ff3.
Extract the installer:
tar -xvf openssl-1.1.1l.tar.gz
Compile and install OpenSSL:
cd openssl-1.1.1l
sudo ./config
sudo make
sudo make install
export LD_LIBRARY_PATH="/usr/local/lib:/usr/local/lib64"
sudo echo "export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64" >> ~/.bashrc
Check the version of OpenSSL on your system. The version should now be 1.1.1l or later:
[root@mk-236 ~]# openssl version
OpenSSL 1.1.1l 24 Aug 2021
NOTE If you receive the message: "No such file or directory", you can exit from current running shell, login again, and check again. You may also need to update the PATH environment variable to include the locations:
/usr/local/sbin and
/usr/local/bin.
Optional: Cleanup the installation by removing the installation files:
cd ..
rm -rf openssl-1.1.1l
rm -rf openssl-1.1.1l.tar.gz
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\