Upgrade OpenSSL

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Upgrade OpenSSL

Postby daithi_dearg » 19. April 2017 10:53

Hello,

I'm doing a Security scan and there is an OpenSSL Vulnerability and I'm being prompted to upgrade to version 1.0.2k.

I came across the following for another vulnerability:
https://pioneear.wordpress.com/2014/05/01/windows-apache-wamp-or-xampp-openssl-update-to-fix-hearbleed-bug/

This talks about copying these files:
bin\libeay32.dll
bin\ssleay32.dll
bin\openssl.exe

Any suggestions on where I can source these files?

Regards,
David
daithi_dearg
 
Posts: 4
Joined: 18. April 2017 18:14
XAMPP version: 7.1.1
Operating System: Windows 7

Re: Upgrade OpenSSL

Postby gsmith » 22. April 2017 17:44

It depends on a few factors one of which is what version are you using now.
gsmith
 
Posts: 211
Joined: 29. November 2013 18:04
Location: San Diego
XAMPP version: 0.0.0
Operating System: Win XP to 2012R2/VS 6,9,11,14

Re: Upgrade OpenSSL

Postby daithi_dearg » 25. April 2017 10:23

I'm currently on 1.0.2j
daithi_dearg
 
Posts: 4
Joined: 18. April 2017 18:14
XAMPP version: 7.1.1
Operating System: Windows 7

Re: Upgrade OpenSSL

Postby daithi_dearg » 25. April 2017 10:43

I'll also add that it might be worth patching this to 1.1.0 as there is also a Medium Vulnerability against this also.
daithi_dearg
 
Posts: 4
Joined: 18. April 2017 18:14
XAMPP version: 7.1.1
Operating System: Windows 7

Re: Upgrade OpenSSL

Postby Altrea » 25. April 2017 11:30

Medium Vulnerability in which context?
A local test and development environment can have multiple software security vulnerabilities without ever being attackable or insecure.

If you want to always get best scores in so named vulnerability scanners than xampp is the wrong product for you. XAMPP does not provide single component upgrases.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 8879
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64

Re: Upgrade OpenSSL

Postby daithi_dearg » 25. April 2017 11:37

We have a tool Nessus that runs and rates vulnerabilities as Critical, High, Medium etc.

Looking at this another way is there a way we can lock down ports so that these can't be scanned?
daithi_dearg
 
Posts: 4
Joined: 18. April 2017 18:14
XAMPP version: 7.1.1
Operating System: Windows 7

Re: Upgrade OpenSSL

Postby Altrea » 25. April 2017 17:34

Sure, thats what a firewall is for.
Or you can disable ssl if you don't use it
Or you can unplug your network cable,
Or you ask your IT expert what you should do to secure this up.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 8879
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 41 guests