- CheckMates
- :
- Products
- :
- Quantum
- :
- SMB Gateways (Spark)
- :
- Re: SMB OpenSSL Fixes for CVE-2022-0778 are ready ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SMB OpenSSL Fixes for CVE-2022-0778 are ready for 1500 1600 1800
Upgrade OpenSSL to fix CVE-2022-0778 Refer to sk178411 - Check Point response to OpenSSL CVE-2022-0778.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
YES - according to R&D the solution is:
The "# cpopenssl version" command applies to R80.40 and above. In R80.30 versions (and below), we do not upgrade the openSSL version but manually port the fix for the CVE. Although there is no easy way to make sure that openSSL was upgraded on these versions, it will be after you install the Hotfix.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would suggest to not install this fix - i found a serious bug in APPI updates making APCL work no more...
--> as stated this is not an issue of this firmware, only mine 😎
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pt bladeUpdateStatus
3 (2002) =
modified = nil
lastSuccessfulCheckTime = 1647770804
installedUpdateVersion = 0
availableUpdateVersion = 22030801
isOfflineUpdate = false
lastInstallStartedAt = 1647770803
installStatus = BLADE_INSTALL_STATUS.CONNECTING
id = 2002
lastInstallResult = BLADE_INSTALL_RESULT.INSTALL_ERROR
bladeCode = BLADE.APPLICATION_CONTROL
lastSuccessfulInstallTime = nil
upToDateConfirmedAt = nil
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have reverted back to R80.20.35_992002613, but Update & APPI is still not working 😞
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Chapters
- descriptions off, selected
- captions settings, opens captions settings dialog
- captions off, selected
This is a modal window.
Beginning of dialog window. Escape will cancel and close the window.
End of dialog window.
This is a modal window. This modal can be closed by pressing the Escape key or activating the close button.
APCL update status is not displayed, but on clicking the Apply button, APCL tries to update, that is to reach the server, but fails - update is never started !
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you open a TAC case yet?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just gave feedback to the SK - my wife is watching TV so i can do no debugs 😉.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
never heard that excuse before, lol
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have resolved the issue 😎
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That seems not to be the only issue here - in GAiA after patching, R81.10 and R80.40 show:
# cpopenssl version
OpenSSL 1.1.1n 15 Mar 2022
This is the fixed OpenSSL version !
But 1550 R80.20.35_992002639:
# cpopenssl version
OpenSSL 1.0.2r 26 Feb 2019
This is the same version as in R80.20.35_992002613. That should be fixed OpenSSL version 1.0.2zd according to CVE-2022-0778.
So does this firmware fix the issue at all ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Guys
we didn't see any bug in APPI. in fact there was no change in this region, so I'll be surprise if there is a bug.
As for why OpenSSL in not 1.1.1n. the issue was fixed within the same OpenSSL version.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think that my APPI issue has nothing to do with the firmware version - OpenSSL 1.0.2r 26 Feb 2019 is a fixed version ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
YES - according to R&D the solution is:
The "# cpopenssl version" command applies to R80.40 and above. In R80.30 versions (and below), we do not upgrade the openSSL version but manually port the fix for the CVE. Although there is no easy way to make sure that openSSL was upgraded on these versions, it will be after you install the Hotfix.