Endpoint Protection

 View Only
Expand all | Collapse all

which is the openssl version in sepm 14.3 RU5

  • 1.  which is the openssl version in sepm 14.3 RU5

    Posted Nov 01, 2022 10:49 AM
    Hello Team,

    which is the openssl version in sepm 14.3 RU5

    Does SEPM 14.3 RU5  using OpenSSL versions 3.0.0 to 3.0.5  it has this vulnerabilty -CVE-2022-3358

    Kindly confirm ...

    Regards

    Harsha


  • 2.  RE: which is the openssl version in sepm 14.3 RU5

    Broadcom Employee
    Posted Nov 01, 2022 10:59 AM

    14.3 RU5 uses 3.0.2.

    14.3 RU6 will have 3.0.7. 

    This should be released soon.



    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 3.  RE: which is the openssl version in sepm 14.3 RU5

    Posted 30 days ago
    Hi John,  can you explain the difference between these 3 different downloads of 14.3 RU5.  I'm still on RU4 and I don't know which download to use to update to RU5.




  • 4.  RE: which is the openssl version in sepm 14.3 RU5

    Posted 30 days ago
    Can you please post here when the 14.3 ru6 is available with a fix for the openssl vulnerability?


  • 5.  RE: which is the openssl version in sepm 14.3 RU5

    Broadcom Employee
    Posted 30 days ago
    Sure thing. Current eta is Monday 11/7.

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 6.  RE: which is the openssl version in sepm 14.3 RU5

    Broadcom Employee
    Posted 30 days ago
    I would wait for 14.3 RU6 to upgrade. I would not upgrade to 14.3 RU5 at this time.

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 7.  RE: which is the openssl version in sepm 14.3 RU5

    Posted 29 days ago
    Is 14.3 RU5 the first version using openssl 3.0.X? We have some older versions installed and need to know if those are vulnerable. Is there a chart published somewhere that shows the openssl version for each SEP version?


  • 8.  RE: which is the openssl version in sepm 14.3 RU5

    Broadcom Employee
    Posted Nov 01, 2022 12:29 PM
    Support Content Notification - Support Portal - Broadcom support portal

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 9.  RE: which is the openssl version in sepm 14.3 RU5

    Posted Nov 01, 2022 11:11 PM
    Hi John,

    Thank for the information

    Regards

    Harsha


  • 10.  RE: which is the openssl version in sepm 14.3 RU5

    Broadcom Employee
    Posted 30 days ago

    Keep in mind the Security Advisory is for CVE-2022-3786 & CVE-2022-3602.

    You would want to open a case and ask about the older CVE-2022-3358.



    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 11.  RE: which is the openssl version in sepm 14.3 RU5

    Posted 28 days ago
    hi @John Owens

    OPENSSL Security Advisory is for CVE-2022-3786 & CVE-2022-3602.
    1. what is Symantec version 14.3 RU4 using OpenSSL version?
    2. Does OpenSSL impact to Symantec version 14.3 RU4?

    Thank you on a head for your answers



  • 12.  RE: which is the openssl version in sepm 14.3 RU5

    Broadcom Employee
    Posted 28 days ago
    Only SEPM 14.3 RU5 runs an OpenSSL version of 3.0.x. All previous versions run 1.1.x.x versions

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 13.  RE: which is the openssl version in sepm 14.3 RU5

    Broadcom Employee
    Posted 24 days ago
    14.3 RU6 is available for download.

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 14.  RE: which is the openssl version in sepm 14.3 RU5

    Posted 23 days ago
    it uses one of the OpenSSL impacted versions 3.0.2