OpenSSL 3.0.7 Patches Serious Vulnerabilities
OpenSSL has issued an advisory relating to two vulnerabilities (CVE-2022-3602 and CVE-2022-3786), which affect OpenSSL versions 3.0.0 through 3.0.6. These vulnerabilities have been addressed with the release of OpenSSL 3.0.7, so users should update now.
“Users of OpenSSL 3.0.0–3.0.6 are encouraged to upgrade to 3.0.7 as soon as possible. If you obtain your copy of OpenSSL from your operating system vendor or other third party then you should seek to obtain an updated version from them as soon as possible,” the OpenSSL team says.
In a previous announcement, these vulnerabilities were described as “critical” — possibly leading to remote code execution. However, the OpenSSL project team has since downgraded the threats to “high,” saying they “are not aware of any working exploit that could lead to remote code execution” and have no evidence of the vulnerabilities being exploited at this time.
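To find hosts in the 3.0.0–3.0.6 range quoted above, the following added example (not from the OpenSSL project or this article) classifies a line of `openssl version` output; the function names and result labels are assumptions of the example, and the sample lines in the comments are constructed. A version string alone cannot show whether a vendor package carries a backported fix, so treat `affected` as a prompt to check the vendor's update.

```shell
# Classify `openssl version` output against the advisory's range (3.0.0-3.0.6).
# Constructed sample inputs:
#   OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)
#   OpenSSL 1.1.1q  5 Jul 2022

# Print the library version found in one output line.
# OpenSSL 3.x prints "OpenSSL X date (Library: OpenSSL Y date)"; Y is the
# library actually loaded, so it takes precedence over the CLI's own version X.
openssl_lib_version() {
    _line=$1
    case $_line in
        *"(Library: OpenSSL "*) _line=${_line#*"(Library: "} ;;
    esac
    case $_line in
        "OpenSSL "*) _line=${_line#"OpenSSL "}; printf '%s\n' "${_line%% *}" ;;
        *) return 1 ;;   # other TLS libraries or unparseable output
    esac
}

# Echo "affected" (3.0.0-3.0.6), "not-listed" (any other numeric release)
# or "unknown" (cannot be decided from the string) for one output line.
classify_openssl() {
    _ver=$(openssl_lib_version "$1") || { echo unknown; return 0; }
    case $_ver in
        3.0.*)
            _patch=${_ver#3.0.}
            case $_patch in
                ''|*[!0-9]*) echo unknown ;;   # e.g. pre-release or vendor suffix
                *) if [ "$_patch" -le 6 ]; then echo affected
                   else echo not-listed
                   fi ;;
            esac ;;
        [0-9]*) echo not-listed ;;
        *) echo unknown ;;
    esac
}

# Convenience wrapper: classify the openssl binary found on PATH.
check_installed_openssl() {
    command -v openssl >/dev/null 2>&1 || { echo unknown; return 0; }
    classify_openssl "$(openssl version)"
}
```

Applications that bundle their own copy of the library are not covered by checking the system binary; run the classifier against each copy's reported version.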