
Security Update 21 - VidyoReplay


Vidyo Server Security Update 21 (SU21) provides existing VidyoReplay servers with updated packages and package configurations to address most known and current vulnerabilities (CVEs) at the time of the release of this Update, as noted in common OS and package security bulletins.

The updates and configuration changes applied by SU21 are outlined below.

If you have an on-premises VidyoReplay, all the information in this article applies to you. In particular, you must follow the steps in the "Applying Security Update 21" section in order to physically perform the update.

If you are a cloud customer, Vidyo will install SU21 for you; however, you may want to read this article to understand the system changes that take place when SU21 is applied. 


Important Notices


Security Update 21 Files 

This SU21 file... | Is for...
Security_Update_21_VRP_Rev016-signed.vidyo | VidyoReplay version 3.1.4(05) or later


Do not install SU21 on a version earlier than the versions listed in the preceding table. If SU21 is run on an unsupported version, the updater will exit and post a message in the updater log.


System Changes Performed by Security Update 21

Specific security-related package updates:


Apache Web Server

Product | Previous SU Version | SU21 Version
VidyoReplay | 2.4.35 with OpenSSL 1.0.2p | 2.4.38 with OpenSSL 1.0.2q

This SU updates the configuration to use the random Diffie-Hellman parameters file (2048 bits).


OpenSSL Dynamic Library

Product | Previous SU Version | SU21 Version
VidyoReplay | OpenSSL 1.0.2p | OpenSSL 1.0.21



Product | Previous SU Version | SU21 Version
VidyoReplay | 9.3.24 | 9.3.24



Product | Previous SU Version | SU21 Version
VidyoReplay | 7.6p1 (OpenSSL 1.0.2p) | 7.9p1 (OpenSSL 1.0.2q)


OpenSSH Security Improvements

  • Devices are now configured to time out after 60 seconds for incomplete or broken SSH sessions by setting LoginGraceTime to 60 seconds.
  • Addresses a security scan issue “Diffie-Hellman group smaller than 2048 bits (tls-dh-prime-under-2048-bits)” by removing groups lower than 2048 bits from /etc/ssh/moduli.
  • Adds the following cipher, HMAC, and exchange algorithm lines to the sshd_config.default to strengthen SSH encryption:
    • aes128-ctr,aes192-ctr,aes256-ctr
    • hmac-sha2-256,hmac-sha2-512
    • ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256

These improvements require an SSH client that supports the ciphers, HMACs, and key exchange algorithms listed above. SSH clients that do not support them will not be able to connect. Most modern, up-to-date SSH clients support these mechanisms.
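The following check is an added example, not part of Vidyo's article or tooling: it audits an sshd configuration and a moduli file against the values SU21 lists above. It assumes the three value lists are set with the standard sshd_config keywords Ciphers, MACs and KexAlgorithms; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Vidyo code): audit SSH settings against the SU21 values.
WANT_CIPHERS="aes128-ctr,aes192-ctr,aes256-ctr"
WANT_MACS="hmac-sha2-256,hmac-sha2-512"
WANT_KEX="ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256"

# Value of the first uncommented occurrence of a keyword (sshd keeps the
# first value it reads for a keyword; keywords are case-insensitive).
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Number of moduli entries below 2048 bits. Field 5 is the prime size; shipped
# moduli files list it as bits minus one (2047 for a 2048-bit group).
weak_moduli_count() {  # usage: weak_moduli_count FILE
    awk '!/^#/ && NF >= 7 && $5 < 2047 { n++ } END { print n + 0 }' "$1"
}

# Print one FAIL line per deviation; print nothing when the files match SU21.
audit_ssh() {  # usage: audit_ssh SSHD_CONFIG MODULI
    for pair in "LoginGraceTime=60" "Ciphers=$WANT_CIPHERS" \
                "MACs=$WANT_MACS" "KexAlgorithms=$WANT_KEX"; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(sshd_value "$1" "$key")
        [ "$got" = "$want" ] || echo "FAIL $key: found '${got:-unset}'"
    done
    weak=$(weak_moduli_count "$2")
    [ "$weak" -eq 0 ] || echo "FAIL moduli: $weak group(s) under 2048 bits"
}

# Constructed sample files: a pre-update style config and a moduli file with
# one 1536-bit and one 2048-bit entry (modulus values are placeholders).
demo=$(mktemp -d)
printf '%s\n' '#LoginGraceTime 2m' 'LoginGraceTime 120' \
    'Ciphers aes128-ctr,aes128-cbc,3des-cbc' > "$demo/sshd_config"
printf '%s\n' '# Time Type Tests Tries Size Generator Modulus' \
    '20180101000000 2 6 100 1535 2 AAAA' \
    '20180101000001 2 6 100 2047 2 BBBB' > "$demo/moduli"
audit_ssh "$demo/sshd_config" "$demo/moduli"
rm -rf "$demo"
```

Because keyword matching is case-insensitive, the same function can audit the effective configuration by saving the output of `sshd -T` to a file and passing that file as the first argument.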

Linux® Kernel Update

  • SU21 will update the Linux Kernel to 4.14.94


Known Issues after Successfully Applying Security Update 21

Some vulnerability scanners may report a low to moderate level vulnerability of “TCP timestamp response (generic-tcp-timestamp)” and/or “ICMP timestamp response”, even after Security Update 21 is successfully applied.

Description: The remote host responded with a TCP timestamp. The TCP timestamp response can be used to approximate the remote host's uptime, potentially aiding in further attacks. Additionally, some operating systems can be fingerprinted based on the behavior of their TCP timestamps. At this time, Vidyo is reluctant to disable tcp_timestamps, as this could disrupt the packet communication needs of the protocols used for VidyoConferencing. Vidyo considers this vulnerability to be low severity, and this issue does not really affect the security of the Linux TCP stack in any meaningful way. ICMP may be blocked via a firewall to mitigate the ICMP-specific tcp_timestamp issue.


Applying Security Update 21

If you have an on-premises VidyoReplay, you must perform the steps in this section to apply SU21. If you are a cloud customer, you can skip this section because Vidyo will perform the update for you.

Upgrading Your VidyoReplay

Before upgrading your VidyoReplay, put your server into Maintenance Mode.

To upgrade your VidyoReplay:

  1. Log in to the VidyoReplay using the default Super account. For more information, see Logging in to the VidyoReplay in the VidyoReplay Administrator Guide.

  2. Click the Settings link. For more information, see Accessing System Settings in the VidyoReplay Administrator Guide.

  3. Click the Maintenance tab.


    Note: The Choose File and Upload & Install fields only appear when your VidyoReplay is in Maintenance Mode. For more information, see Using Maintenance Mode in the VidyoReplay Administrator Guide.

    As the system warning indicates, “Upgrading will overwrite the current installation. VidyoReplay will reboot after the upgrade.”

  4. Click Choose File.

  5. Locate the Security Update 21 file listed above on your computer or network location.

  6. Click Open.

  7. Click Upload & Install.


Contacting Technical Support

If you are a Vidyo Reseller or Vidyo End User with “Plus” coverage, please feel free to contact the Vidyo Customer Support team via email with any questions or if you need assistance.

  • Phone: +1-866-99-VIDYO / +1-201-289-8597
  • Email:

If you are a Vidyo End User without “Plus” coverage, please contact your Vidyo Reseller for further details.

