OpenSSL 3.0.7 Patches Serious Vulnerabilities


Users of affected versions of OpenSSL are encouraged to update as soon as possible.

OpenSSL has issued an advisory relating to two vulnerabilities (CVE-2022-3602 and CVE-2022-3786), which affect OpenSSL version 3.0.0. These vulnerabilities have been addressed with the release of OpenSSL 3.0.7, so users should update now.

“Users of OpenSSL 3.0.0–3.0.6 are encouraged to upgrade to 3.0.7 as soon as possible. If you obtain your copy of OpenSSL from your operating system vendor or other third party then you should seek to obtain an updated version from them as soon as possible,” the OpenSSL team says.

In a previous announcement, these vulnerabilities were described as “critical” — possibly leading to remote code execution. However, the OpenSSL project team has since downgraded the threats to “high,“ saying they “are not aware of any working exploit that could lead to remote code execution” and have no evidence of the vulnerabilities being exploited at this time.


Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=