OpenSSL 3.0.7 will fix a CRITICAL security vulnerability

On Tuesday, November 1, OpenSSL will release version 3.0.7 which will fix a CRITICAL security vulnerability: Forthcoming OpenSSL Releases
If you run OpenSSL 3.0 (the latest available version), you will need to patch immediately.

OpenSSL LTS version 1.1.1 is not susceptible to this bug: Forthcoming OpenSSL Bug Fix Release (although a bugfix release, 1.1.1s, will be made in parallel).

6 Likes

Thanks for the heads up!

3 Likes

Doesn't seem quite that bad (the vulnerability has since been downgraded to HIGH), though of course everyone should be ensuring their systems are always up-to-date on patches anyway.

https://www.openssl.org/news/secadv/20221101.txt

5 Likes
