Tenable.sc Patch 202204.1 Release Notes (2022-04-06)

Note: This release includes fixes for vulnerabilities. For more information, see the Tenable Product Security Advisory.

Apply this patch to Tenable.sc installations running Tenable.sc 5.19.0, 5.19.1, 5.20.0, and 5.20.1. This patch updates Apache to version 2.4.53 and updates OpenSSL to version 1.1.1n to address the following vulnerabilities: CVE-2022-0778 and CVE-2022-23943.

Steps to Apply

Apply the patch to a standalone Tenable.sc or Tenable Core + Tenable.sc:

  1. Download the patch from https://www.tenable.com/downloads/tenable-sc to Tenable.sc. You can save the files in any location (e.g., /tmp).

  2. Access the command line as a user with root-level permissions.

  3. Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:

    tar zxf [patch file name]

  4. Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:

    cd [directory]

  5. Run the following command to begin the installation:

    sh ./install.sh

    The installation begins and Tenable.sc stops. After the installation finishes, Tenable.sc automatically restarts.

What to do next:

  • (Optional) Confirm the patch successfully applied to Tenable.sc, as described in the knowledge base article.

Contents

  • support/bin/httpd

  • support/bin/openssl

  • support/lib/libcrypto.so.1.1

  • support/lib/libssl.so.1.1

  • install.sh

Filenames and Checksums

Filenames and MD5 or SHA-256 checksums are located on the Tenable.sc Downloads page.