9 weeks after a fix/patch has been released from the official software provider is not an adequate response time for patching such a vulnerable component.
For anyone who wants it following this:
Here is the steps to upgrade the Open SSL version from 1.0.1i to 1.0.1j.
- Download the File from the below link.
- https://bonitas2.zohocorp.com/zipUploads/2014_23_12_15_43_16_p199ra400j1ib91sqs10b31ga11t4e0.tar.gz
- Stop the Desktopcentral Server.
- Go to the <Desktopcentral_Server>\apache folder
- Rename the folder bin\ to bin_old\ and modules\ folder to modules_old\
- Extract the zip and copy and paste the extracted bin\ and modules\ folder to <Desktopcentral_Server>\apache.
- Copy bin_old\*.csr ,bin_old\*.crt, bin_old\*.key paste into bin\ folder
- Copy the file modules_old\mod_jk.so and modules_old\mod_jk.dll paste into modules\mod_jk.so and modules_old\mod_jk.dll.
- Now Start the Desktopcentral Server.
After completing the above steps, you can run the vulnerability tool to verify the same.
Looking forward to hear from you.
Regards,
-----
Saranraj K
I'm
running
Build No:90103, if that made any
difference in the information that support provided me. Any
problems, maybe try to upgrade to the newest hotfix first. I'm
off to try it now myself.
All I ask is that you escalate this to a higher team internally to review your company policy and procedure on releasing updates for your own product and notifying your customers.
Throughout
this entire ordeal, I have felt that I have had to do most of the
work just to protect myself and your software. It should be easier
and much less of a hassle.