microsoft / omi

Open Management Infrastructure

Unable to upgrade vulnerable omi package on Ubuntu 18.04 #725

Closed harshita01398 closed 1 year ago

harshita01398 commented 1 year ago

Unable to upgrade the omi package on flagged VMs due to the error below:

The following packages will be upgraded:
  omi
1 upgraded, 0 newly installed, 0 to remove and 95 not upgraded.
Need to get 0 B/1882 kB of archives.
After this operation, 16.4 kB disk space will be freed.
(Reading database ... 408934 files and directories currently installed.)
Preparing to unpack .../archives/omi_1.6.9.1_amd64.deb ...
Expecting SSL version (compatible with): 1.0.0
SSL version found on system: 1.1.1

Incorrect version of OMI for your system, please check SSL version.
dpkg: error processing archive /var/cache/apt/archives/omi_1.6.9.1_amd64.deb (--unpack):
 new omi package pre-installation script subprocess returned error exit status 3
Deleting omiusers group ...
groupdel: cannot remove the primary group of user 'omsagent'
Deleting omi service account ...
userdel: user omi is currently used by process 4430
Deleting omi group ...
groupdel: cannot remove the primary group of user 'omi'


JumpingYang001 commented 1 year ago

@harshita01398 can you check if your openssl version is openssl 1.1? The omi package on ubuntu 18.04 is for openssl 1.1. https://packages.microsoft.com/ubuntu/18.04/prod/pool/main/o/omi/

harshita01398 commented 1 year ago

@JumpingYang001 The openssl version on the system is 1.1 only

:~$ openssl version
OpenSSL 1.1.1 11 Sep 2018

However, while trying to upgrade omi it gives the below:

Expecting SSL version (compatible with): 1.0.0
SSL version found on system: 1.1.1

Incorrect version of OMI for your system, please check SSL version.
dpkg: error processing archive /var/cache/apt/archives/omi_1.6.9.1_amd64.deb (--unpack):
 new omi package pre-installation script subprocess returned error exit status 3

JumpingYang001 commented 1 year ago

@harshita01398 It looks strange; we cannot repro the issue on our side. BTW, we have added 1.6.10-2 in https://packages.microsoft.com/ubuntu/18.04/prod/pool/main/o/omi/; you can re-upgrade and see if it still repros. If it still occurs, you can try to run:

wget https://packages.microsoft.com/ubuntu/18.04/prod/pool/main/o/omi/omi-1.6.10-2.ssl_110.ulinux.x64.deb; dpkg -i omi-1.6.10-2.ssl_110.ulinux.x64.deb

harshita01398 commented 1 year ago

@JumpingYang001 It worked via the wget command.

Also, is there a remediation from the vulnerable version for Ubuntu 16.04?

JumpingYang001 commented 1 year ago

@harshita01398 openssl 1.0 on Ubuntu 16.04 can use this:

wget https://packages.microsoft.com/ubuntu/16.04/prod/pool/main/o/omi/omi-1.6.10-2.ssl_100.ulinux.x64.deb; dpkg -i omi-1.6.10-2.ssl_100.ulinux.x64.deb
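
The thread shows the pre-installation script rejecting a build whose expected SSL version differs from the one on the system. The script below is an added example, not code from this thread or from the OMI project: it picks the `ssl_100` or `ssl_110` build from `openssl version` output and checks a downloaded file name before `dpkg -i`. The function names are hypothetical, and the version and URL layout are taken from the links posted above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of OMI.
# Package version and URL layout are the ones linked in this thread.
OMI_VERSION="1.6.10-2"
REPO_BASE="https://packages.microsoft.com/ubuntu"

# omi_ssl_suffix "<openssl version output>" -> ssl_100 | ssl_110
# Returns 1 for an OpenSSL line the thread does not cover.
omi_ssl_suffix() {
    # In "OpenSSL 1.1.1  11 Sep 2018" the second field is the version.
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }')
    case "$ver" in
        1.0.*) echo "ssl_100" ;;
        1.1.*) echo "ssl_110" ;;
        *)     return 1 ;;
    esac
}

# omi_package_url "<ubuntu release>" "<openssl version output>"
omi_package_url() {
    suffix=$(omi_ssl_suffix "$2") || {
        echo "unrecognised OpenSSL version: $2" >&2
        return 1
    }
    echo "$REPO_BASE/$1/prod/pool/main/o/omi/omi-$OMI_VERSION.$suffix.ulinux.x64.deb"
}

# omi_deb_matches "<.deb file name>" "<openssl version output>"
# 0: ssl tag in the file name matches, 1: mismatch, 2: unknown OpenSSL.
omi_deb_matches() {
    want=$(omi_ssl_suffix "$2") || return 2
    case "$1" in
        *".$want."*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Stand-alone use: sh omi_pkg.sh 18.04   (reads the local `openssl version`)
if [ $# -ge 1 ]; then
    omi_package_url "$1" "$(openssl version)"
fi
```
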