Replies: 3 comments 7 replies
-
|
I thought openssl was updated as of this year but will investigate and release a new version ASAP if required |
Beta Was this translation helpful? Give feedback.
-
|
Thank you, Mickem. Are there any timelines for the new version release? |
Beta Was this translation helpful? Give feedback.
-
|
Which version are you using? |
Beta Was this translation helpful? Give feedback.
-
|
We have installed NSCP versions 0.5.2.35 and 0.5.2.41 on Windows Server 2016 Datacenter edition, but we still see an older version of "ssleay32.dll" present. We attempted to install version 0.6.0 as you recommended, but encountered the following error message: "There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor." Could you provide guidance on how to resolve this installer error, or if there are alternative methods to update the OpenSSL version within NSClient++? Any assistance would be greatly appreciated. |
Beta Was this translation helpful? Give feedback.
-
|
|
Beta Was this translation helpful? Give feedback.
-
|
Can you provide the log file from the installer: |
Beta Was this translation helpful? Give feedback.
-
|
Hi Michael, |
Beta Was this translation helpful? Give feedback.
-
|
I hope you have reviewed the logs. Please let me know your findings so that we can resolve the issue related to the latest NSCP version upgrade and address the vulnerability fix for "ssleay32.dll." |
Beta Was this translation helpful? Give feedback.
-
|
Yes, I saw the logs and I am working on a fix, so I will get back once that is live... |
Beta Was this translation helpful? Give feedback.
-
|
Sorry for the late reply here is the new version: https://github.com/mickem/nscp/releases/tag/0.6.1.0 Let mw know if this works better, please note that visual studio runtime need to be installed before running thew installer: https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170 |
Beta Was this translation helpful? Give feedback.
-
Hello Support Team,
We have identified a security vulnerability in our current version of OpenSSL associated with C:\Program Files\NSClient++\ssleay32.dll. The version in use, 1.0.1j, has been End-of-Life (EOL) since December 20, 2019, and lacks support for security patches or vulnerability disclosures.
Details:
File Path: C:\Program Files\NSClient++\ssleay32.dll
Current Version: 1.0.1j (vulnerable to CVE-2021-4044)
Severity: High (based on the National Vulnerability Database, CPE cpe:2.3:a:openssl
Since the identified vulnerability affects versions below 1.0.2, we’d like to request guidance on updating OpenSSL to a supported version, ideally 1.0.2 or higher, as a remediation step. Could you advise if there are specific compatibility considerations or steps we need to take to update this component within NSClient++?
Thank you in advance for your support on this matter.
Beta Was this translation helpful? Give feedback.
All reactions