OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: RamSense on March 16, 2022, 07:46:13 pm

Title: openssl vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n
Post by: RamSense on March 16, 2022, 07:46:13 pm
Has the OPNsense team seen the OpenSSL vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n?

https://www.openssl.org/news/vulnerabilities.html#CVE-2022-0778

and the fix: https://github.com/openssl/openssl/commit/3118eb64934499d93db3230748a452351d1d9a65
Title: Re: openssl vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n
Post by: chemlud on March 16, 2022, 07:58:00 pm
...switch to LibreSSL (as long as it's still there) ;-)
Title: Re: openssl vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n
Post by: mimugmail on March 16, 2022, 08:16:54 pm
Tomorrow is patch day
Title: Re: openssl vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n
Post by: 0xDEADC0DE on March 16, 2022, 09:45:24 pm
> ...switch to LibreSSL (as long as it's still there) ;-)

LibreSSL is affected by the same bug.
Title: Re: openssl vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n
Post by: franco on March 16, 2022, 09:48:50 pm
Yep, and due to release timing none of it will be available in 22.1.3 tomorrow.

There is always 22.1.4 next week... isn't there? ;)


Cheers,
Franco