High-Severity OpenSSL Security Advisory Released
OpenSSL has released a security advisory in regard to recently discovered vulnerabilities, "including a high-severity address type confusion bug that could be exploited by attackers to read memory contents or enact a denial of service (DoS)," reports Brittany Day.
According to the advisory, OpenSSL versions 3.0, 1.1.1, and 1.0.2 are vulnerable to this issue, and the following actions are needed:
- OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8.
- OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t.
- OpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers only).
OpenSSL is "widely used by Internet servers, including the majority of HTTPS websites, making it critical that users are aware of the recent OpenSSL flaws that have been discovered," Day notes.
Read more at LinuxSecurity.
Related content
- Emergency Fix for OpenSSL
- OpenSSL 3.0.7 Patches Serious Vulnerabilities
- Google Forks OpenSSL
- Curl v8.4.0 Addresses High-Severity Issue
-
Security after Heartbleed – OpenSSL and its alternatives
The Heartbleed bug shocked the security community and seriously damaged the reputation of OpenSSL. Luckily, alternatives such as LibreSSL, PolarSSL, and GnuTLS are waiting in the wings.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
