Urgent Security Update for OpenSSL


Post by scsijon »

Passed on by request as the matter is VERY urgent.
Will the various package managers please attend to it as a matter of utmost urgency.

The OpenSSL project released a security update earlier today which
contains 8 security fixes in it. One of these vulnerabilities is rated
as High, while the others are rated as Moderate.

The CVE identifiers for these vulnerabilities are CVE-2023-0286,
CVE-2022-0434, CVE-2022-4203, CVE-2023-0215, CVE-2022-4450,
CVE-2023-0216, CVE-2023-0217, and CVE-2023-0401.

These vulnerabilities can be triggered in a variety of different use
cases, such as RSA decryption, X.400 address processing, X.509
certificate verification, usage of OpenSSL API functions such as
BIO_new_NDEF/PEM_read_bio_ex/d2i_PKCS7 functions, verifying DSA public
keys, and verifying PKCS7 data.

Due to the number of places where OpenSSL can be used for cryptography,
it's imperative that you upgrade your systems to OpenSSL-3.0.8
immediately, or 1.1.1t if you're on LFS 11.1 or older.

The best reference for more details can be found in the LFS ticket for this update -
https://wiki.linuxfromscratch.org/lfs/ticket/5211
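
An added example, not part of the original post: a POSIX shell function that classifies an `openssl version` string against the two fixed releases named above (3.0.8 for the 3.0 series, 1.1.1t for the 1.1.1 series). The function name and the sample version lines are constructed for illustration; any other series is reported as `unknown` because the post names no fixed release for it.

```shell
#!/bin/sh
# Added example (not from the original post).
# classify_openssl "<output of 'openssl version'>"
# Prints one of: fixed | vulnerable | unknown
classify_openssl() {
    # The second whitespace-separated field is the version, e.g. "3.0.7" or "1.1.1s".
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    case "$ver" in
        3.0.*)
            patch=${ver#3.0.}
            # Anything other than a plain number (e.g. "8-dev") is not judged.
            case "$patch" in
                ''|*[!0-9]*) echo unknown; return ;;
            esac
            if [ "$patch" -ge 8 ]; then echo fixed; else echo vulnerable; fi
            ;;
        1.1.1*)
            # The 1.1.1 series uses a letter suffix: 1.1.1, 1.1.1a ... 1.1.1t ...
            letter=${ver#1.1.1}
            case "$letter" in
                ''|[abcdefghijklmnopqrs]) echo vulnerable ;;
                [tuvwxyz])                echo fixed ;;
                *)                        echo unknown ;;
            esac
            ;;
        *)
            # The post names no fixed release for other series.
            echo unknown
            ;;
    esac
}

# Constructed sample lines in the format printed by 'openssl version'.
for line in \
    "OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)" \
    "OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)" \
    "OpenSSL 1.1.1s  1 Nov 2022" \
    "OpenSSL 1.1.1t  7 Feb 2023"
do
    printf '%-12s %s\n' "$(classify_openssl "$line")" "$line"
done

# On a live system: classify_openssl "$(openssl version)"
```

Distribution packages sometimes backport fixes without changing the upstream version string, so a `vulnerable` result is a prompt to check the package changelog rather than a final verdict.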


Re: Urgent Security Update for OpenSSL

Post by BarryK »

Thanks for the info.
I have updated easyOS to openssl 3.0.8, see blog post:

https://bkhome.org/news/202302/openssl- ... o-308.html
