Print Page - Critical flaw in OpenSSL announced

Title: Critical flaw in OpenSSL announced
Post by: EdwinKM on October 27, 2022, 11:35:38 PM

Did a fast scan and found nothing. No blog item.

1 November people expect a patch for OpenSSL https://tweakers.net/nieuws/202682/openssl-kondigt-update-aan-voor-kritiek-beveiligingslek.html (https://tweakers.net/nieuws/202682/openssl-kondigt-update-aan-voor-kritiek-beveiligingslek.html).

Does this affect the OpnSense community? Should people patch this day? I hope OpnSense will inform the users.
Especially strange because the business release is released yesterday (and no openssl reference)

Title: Re: Critical flaw in OpenSSL announced
Post by: Mks on October 28, 2022, 06:36:12 AM

Hi,

I've the latest version of OpnSense installed. You could check your OpenSSL version with:

Code Select

openssl version

Mine is OpenSSL 1.1.1o-freebsd 3 May 2022

According to https://www.mail-archive.com/openssl-users@openssl.org/msg91244.html (https://www.mail-archive.com/openssl-users@openssl.org/msg91244.html) the critical issue applies to 3.0.0 - 3.0.6 only. It does not apply to any 1.1.1 release.

br

Title: Re: Critical flaw in OpenSSL announced
Post by: DEC670airp414user on October 30, 2022, 01:08:38 PM

OPNsense 22.10-amd64
FreeBSD 13.1-RELEASE-p2
OpenSSL 1.1.1q 5 Jul 2022

is the current version of business release on my 670

Title: Re: Critical flaw in OpenSSL announced
Post by: RamSense on October 30, 2022, 06:54:10 PM

For the community version also:
OPNsense 22.7.6-amd64
FreeBSD 13.1-RELEASE-p2
OpenSSL 1.1.1q 5 Jul 2022

The terminal [openssl version] lookup gives a different version back (?)
# openssl version
OpenSSL 1.1.1o-freebsd 3 May 2022

OPNsense Forum

English Forums => Virtual private networks => Topic started by: EdwinKM on October 27, 2022, 11:35:38 PM