OPNsense Forum
Archive => 22.1 Legacy Series => Topic started by: RamSense on March 16, 2022, 07:46:13 pm
-
Has the opnsense team seen the openssl vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n
https://www.openssl.org/news/vulnerabilities.html#CVE-2022-0778 (https://www.openssl.org/news/vulnerabilities.html#CVE-2022-0778)
and the fix: https://github.com/openssl/openssl/commit/3118eb64934499d93db3230748a452351d1d9a65 (https://github.com/openssl/openssl/commit/3118eb64934499d93db3230748a452351d1d9a65)
-
...switch to LibreSSL (as long as it's still there) ;-)
-
Tomorrow is patch day
-
...switch to LibreSSL (as long as it's still there) ;-)
LibreSSL ist affected by the same bug.
-
Yep, and due to release timing none of it will be available in 22.1.3 tomorrow.
There is always 22.1.4 next week... isn't there? ;)
Cheers,
Franco