Endpoint Protection

 View Only
Expand all | Collapse all

which is the openssl version in sepm 14.3 RU5

  • 1.  which is the openssl version in sepm 14.3 RU5

    Posted Nov 01, 2022 10:49 AM
    Hello Team,

    which is the openssl version in sepm 14.3 RU5

    Does SEPM 14.3 RU5  using OpenSSL versions 3.0.0 to 3.0.5  it has this vulnerabilty -CVE-2022-3358

    Kindly confirm ...

    Regards

    Harsha


  • 2.  RE: which is the openssl version in sepm 14.3 RU5

    Broadcom Employee
    Posted Nov 01, 2022 10:59 AM

    14.3 RU5 uses 3.0.2.

    14.3 RU6 will have 3.0.7. 

    This should be released soon.



    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 3.  RE: which is the openssl version in sepm 14.3 RU5

    Posted Nov 02, 2022 08:18 AM
    Hi John,  can you explain the difference between these 3 different downloads of 14.3 RU5.  I'm still on RU4 and I don't know which download to use to update to RU5.




  • 4.  RE: which is the openssl version in sepm 14.3 RU5

    Posted Nov 02, 2022 08:51 AM
    Can you please post here when the 14.3 ru6 is available with a fix for the openssl vulnerability?


  • 5.  RE: which is the openssl version in sepm 14.3 RU5

    Broadcom Employee
    Posted Nov 02, 2022 10:14 AM
    Sure thing. Current eta is Monday 11/7.

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 6.  RE: which is the openssl version in sepm 14.3 RU5

    Broadcom Employee
    Posted Nov 02, 2022 10:34 AM
    I would wait for 14.3 RU6 to upgrade. I would not upgrade to 14.3 RU5 at this time.

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 7.  RE: which is the openssl version in sepm 14.3 RU5

    Posted Nov 03, 2022 04:43 PM
    Is 14.3 RU5 the first version using openssl 3.0.X? We have some older versions installed and need to know if those are vulnerable. Is there a chart published somewhere that shows the openssl version for each SEP version?


  • 8.  RE: which is the openssl version in sepm 14.3 RU5

    Broadcom Employee
    Posted Nov 01, 2022 12:29 PM
    Support Content Notification - Support Portal - Broadcom support portal

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 9.  RE: which is the openssl version in sepm 14.3 RU5

    Posted Nov 01, 2022 11:11 PM
    Hi John,

    Thank for the information

    Regards

    Harsha


  • 10.  RE: which is the openssl version in sepm 14.3 RU5

    Broadcom Employee
    Posted Nov 02, 2022 04:25 PM

    Keep in mind the Security Advisory is for CVE-2022-3786 & CVE-2022-3602.

    You would want to open a case and ask about the older CVE-2022-3358. 



    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 11.  RE: which is the openssl version in sepm 14.3 RU5

    Posted Nov 04, 2022 09:01 AM
    hi @John Owens

    OPENSSL Security Advisory is for CVE-2022-3786 & CVE-2022-3602.
    1. what is Symantec version 14.3 RU4 using OpenSSL version?
    2. Does OpenSSL impact to Symantec version 14.3 RU4?

    Thank you on a head for your answers



  • 12.  RE: which is the openssl version in sepm 14.3 RU5

    Broadcom Employee
    Posted Nov 04, 2022 11:31 AM
    Only SEPM 14.3 RU5 runs an OpenSSL version of 3.0.x. All previous versions run 1.1.x.x versions

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 13.  RE: which is the openssl version in sepm 14.3 RU5

    Broadcom Employee
    Posted Nov 08, 2022 12:27 PM
    14.3 RU6 is available for download.

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 14.  RE: which is the openssl version in sepm 14.3 RU5

    Posted Nov 09, 2022 05:38 AM
    it uses one of the OpenSSL impacted versions 3.0.2