NetIQ Access Manager Patch Release for OpenSSL Vulnerability

This patch release includes a fix for CVE-2022-0778 vulnerability. This patch is supported for the following versions of the product:

Access Manager 5.0
Access Manager 5.0 Service Pack 1
Access Manager Appliance 5.0 Service Pack 1

NOTE:This patch will upgrade OpenSSL package bundled with Access Gateway Components.

In this Section

Security Vulnerability Fixes
Applying the Patch
Contacting Micro Focus

1.0 Security Vulnerability Fixes

This release provides a fix for CVE 2022-0778, OpenSSL vulnerability issue.

2.0 Applying the Patch

IMPORTANT:In a cluster setup, ensure that you install the patch on each node of the Access Manager setup.

Downloading the Patch
Installing the Patch

2.1 Downloading the Patch

Download the patch file from the Software License and Download portal.

Table 1 Files Available for Access Manager Patch Release for the OpenSSL Vulnerability:

Filename	Description
AM_OpenSSL_Patch_Linux64.tar.gz	Contains the OpenSSL vulnerability fix for Access Gateway on Linux and Access Manager Appliance.

2.2 Installing the Patch

Access Manager on Linux and Access Manager Appliance

IMPORTANT:

During installation of the patch, all running services are stopped temporarily. After the patch is installed, all services are restarted.
After installing this patch, the version number of Access Manager components is not changed.

Access Manager on Linux and Access Manager Appliance

Extract the patch file by using the tar -xvf AM_OpenSSL_Patch_Linux64.tar.gz command.
Run the rcnovell-apache2 stop command to stop the Apache service.
Go to the location where you have extracted the patch files.
Run the rpm -U novell-nacm-apache-extra-4.2.2-1.0.2zd.x86_64.rpm command in the extracted AM_OpenSSL_Patch_Linux64 folder as a root or root equivalent user.
To validate whether the patch is applied successfully, run the following command and check the OpenSSL versions are novell-nacm-apache-extra-4.2.2-1.0.2zd.x86_64:

rpm -qa| grep novell-nacm-apache-extra
Run the rcnovell-apache2 start command to start the Apache service.

3.0 Contacting Micro Focus

For specific product issues, contact Micro Focus Support at https://www.microfocus.com/support-and-services/.

Additional technical information or advice is available from several sources:

Product documentation, Knowledge Base articles, and videos: https://www.microfocus.com/support-and-services/
The Micro Focus Community pages: https://www.microfocus.com/communities/

4.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.microfocus.com/about/legal/.