VMware Cloud Community
dpetrovic
Contributor
Contributor

How to verify vcenter heartbleed upgrade

Hi all

how can we verify if the 5.5.1c upgrade has been sucessfull?

vpxd -v, query in SQL database and help - about all stating that current version is 5.5.0 build-1476327...

tnx in advance!

Reply
0 Kudos
2 Replies
schepp
Leadership
Leadership

Hey,

are you using the windows install or the appliance?

For the appliance log in with ssh and exec "openssl version"

on windows install search the C:\Program files\VMware path for openssl executables.

run them with "openssl.exe version -a"

only openssl 1.0.1 to 1.0.1f should be vulnerable

Message was edited by: Tim Scheppeit

dpetrovic
Contributor
Contributor

I'm using windows install.

found the path in C:\OpenSSL\bin and version returns "OpenSSL 0.9.8y 5 Feb 2013" which is lower than 1.x... ??

edit:

as per VMware KB: Resolving OpenSSL Heartbleed for VMware vCenter Server 5.5 :

Note: These releases upgrade the OpenSSL libraries. The openssl.exe file remains unchanged and will display the same version number as it did previously.

:smileyconfused:

edit2:

ok, as per Re: Heartbleed vulnerability OpenSSL you can't be sure if you have updated it correctly because openssl -version has a bug that displays old version although you applied the patch...

even if so, I'm ok because this release of openssl is not affected by heartbleed Smiley Happy

Reply
0 Kudos