OpenSSL 3.0.7 will fix a CRITICAL security vulnerability

ghen · October 29, 2022, 6:37pm

On Tuesday, November 1, OpenSSL will release version 3.0.7 which will fix a CRITICAL security vulnerability: Forthcoming OpenSSL Releases
If you run OpenSSL 3.0 (the latest available version), you will need to patch immediatly.

OpenSSL LTS version 1.1.1 is not susceptible to this bug: Forthcoming OpenSSL Bug Fix Release (despite a bugfix release 1.1.1s will be made in parallel).

_az · October 29, 2022, 8:01pm

Thanks for the heads up!

petercooperjr · November 1, 2022, 5:17pm

Doesn't seem quite that bad (the vulnerability since been downgraded to HIGH), though of course everyone should be ensuring their systems are always up-to-date on patches anyway.

https://www.openssl.org/news/secadv/20221101.txt

system · December 1, 2022, 5:17pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Confusion Around Report on OpenSSL Vulnerabilities and How It Relates to LetsEncrypt Certificates Help	12	3059	June 2, 2017
OpenSSL updates Client dev	3	747	October 27, 2021
F Rating for helloworld.letsencrypt.org on Qualys SSL Labs [Fixed] Site Feedback	9	5746	July 9, 2016
RHEL/CentOS 7 OpenSSL client compatibility after new chain Help	44	16576	October 9, 2021
I have updated openssl-1.0.1e to openssl-1.0.1t but I am still getting an F rating Help	10	2877	August 26, 2016

OpenSSL 3.0.7 will fix a CRITICAL security vulnerability

Related topics