NetIQ Access Manager Patch Release for OpenSSL Vulnerability

This patch release includes a fix for CVE-2022-0778 vulnerability. This patch is supported for the following versions of the product:

  • Access Manager 5.0

  • Access Manager 5.0 Service Pack 1

  • Access Manager Appliance 5.0 Service Pack 1

NOTE:This patch will upgrade OpenSSL package bundled with Access Gateway Components.

1.0 Security Vulnerability Fixes

This release provides a fix for CVE 2022-0778, OpenSSL vulnerability issue.

2.0 Applying the Patch

IMPORTANT:In a cluster setup, ensure that you install the patch on each node of the Access Manager setup.

2.1 Downloading the Patch

Download the patch file from the Software License and Download portal.

For information about how to download the product from this portal, watch the following video:

Table 1 Files Available for Access Manager Patch Release for the OpenSSL Vulnerability:

Filename

Description

AM_OpenSSL_Patch_Linux64.tar.gz

Contains the OpenSSL vulnerability fix for Access Gateway on Linux and Access Manager Appliance.

2.2 Installing the Patch

IMPORTANT:

  • During installation of the patch, all running services are stopped temporarily. After the patch is installed, all services are restarted.

  • After installing this patch, the version number of Access Manager components is not changed.

Access Manager on Linux and Access Manager Appliance

  1. Extract the patch file by using the tar -xvf AM_OpenSSL_Patch_Linux64.tar.gz command.

  2. Run the rcnovell-apache2 stop command to stop the Apache service.

  3. Go to the location where you have extracted the patch files.

  4. Run the rpm -U novell-nacm-apache-extra-4.2.2-1.0.2zd.x86_64.rpm command in the extracted AM_OpenSSL_Patch_Linux64 folder as a root or root equivalent user.

  5. To validate whether the patch is applied successfully, run the following command and check the OpenSSL versions are novell-nacm-apache-extra-4.2.2-1.0.2zd.x86_64:

    rpm -qa| grep novell-nacm-apache-extra

  6. Run the rcnovell-apache2 start command to start the Apache service.

3.0 Contacting Micro Focus

For specific product issues, contact Micro Focus Support at https://www.microfocus.com/support-and-services/.

Additional technical information or advice is available from several sources:

4.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.microfocus.com/about/legal/.

© Copyright 2022 Micro Focus or one of its affiliates.