This patch release includes a fix for CVE-2022-0778 vulnerability. This patch is supported for the following versions of the product:
Access Manager 5.0
Access Manager 5.0 Service Pack 1
Access Manager Appliance 5.0 Service Pack 1
NOTE:This patch will upgrade OpenSSL package bundled with Access Gateway Components.
This release provides a fix for CVE 2022-0778, OpenSSL vulnerability issue.
IMPORTANT:In a cluster setup, ensure that you install the patch on each node of the Access Manager setup.
Download the patch file from the Software License and Download portal.
For information about how to download the product from this portal, watch the following video:
Table 1 Files Available for Access Manager Patch Release for the OpenSSL Vulnerability:
Contains the OpenSSL vulnerability fix for Access Gateway on Linux and Access Manager Appliance.
During installation of the patch, all running services are stopped temporarily. After the patch is installed, all services are restarted.
After installing this patch, the version number of Access Manager components is not changed.
Access Manager on Linux and Access Manager Appliance
Extract the patch file by using the tar -xvf AM_OpenSSL_Patch_Linux64.tar.gz command.
Run the rcnovell-apache2 stop command to stop the Apache service.
Go to the location where you have extracted the patch files.
Run the rpm -U novell-nacm-apache-extra-4.2.2-1.0.2zd.x86_64.rpm command in the extracted AM_OpenSSL_Patch_Linux64 folder as a root or root equivalent user.
To validate whether the patch is applied successfully, run the following command and check the OpenSSL versions are novell-nacm-apache-extra-4.2.2-1.0.2zd.x86_64:
rpm -qa| grep novell-nacm-apache-extra
Run the rcnovell-apache2 start command to start the Apache service.
For specific product issues, contact Micro Focus Support at https://www.microfocus.com/support-and-services/.
Additional technical information or advice is available from several sources:
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.microfocus.com/about/legal/.
© Copyright 2022 Micro Focus or one of its affiliates.