Critical flaw in OpenSSL announced

Started by EdwinKM, October 27, 2022, 11:35:38 PM

Did a fast scan and found nothing. No blog item.

People expect a patch for OpenSSL on 1 November: https://tweakers.net/nieuws/202682/openssl-kondigt-update-aan-voor-kritiek-beveiligingslek.html

Does this affect the OPNsense community? Should people patch that day? I hope OPNsense will inform the users.
Especially strange because the business release was released yesterday (with no OpenSSL reference).

Hi,

I have the latest version of OPNsense installed. You can check your OpenSSL version with:
openssl version

Mine is OpenSSL 1.1.1o-freebsd  3 May 2022

According to https://www.mail-archive.com/openssl-users@openssl.org/msg91244.html the critical issue applies to 3.0.0 - 3.0.6 only. It does not apply to any 1.1.1 release.

br

OPNsense 22.10-amd64
FreeBSD 13.1-RELEASE-p2
OpenSSL 1.1.1q 5 Jul 2022

is the current version of the business release on my 670

October 30, 2022, 06:54:10 PM #3 Last Edit: October 30, 2022, 07:03:19 PM by RamSense
For the community version also:
OPNsense 22.7.6-amd64
FreeBSD 13.1-RELEASE-p2
OpenSSL 1.1.1q 5 Jul 2022

The terminal [openssl version] lookup gives a different version back (?)
# openssl version
OpenSSL 1.1.1o-freebsd  3 May 2022
Deciso DEC850v2
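
Added example (not part of any post in this thread): a shell script that classifies `openssl version` output against the 3.0.0 - 3.0.6 range quoted above and checks more than one binary, since the last post shows the GUI and the terminal reporting different builds. The function names and the two binary paths are assumptions; the 3.0.5 sample line is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# The affected range (3.0.0 - 3.0.6) is the one quoted in the thread.

# Print affected / not-affected / unknown for one `openssl version` line.
classify_openssl() {
    # Field 2 is the version token, e.g. "1.1.1o-freebsd" or "3.0.5".
    # Lines that do not start with "OpenSSL" (LibreSSL, errors) yield nothing.
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2 }')
    case "$ver" in
        3.0.[0-6]|3.0.[0-6]-*) echo affected ;;      # 3.0.0 .. 3.0.6, with or without suffix
        [0-9]*.[0-9]*.[0-9]*)  echo not-affected ;;  # 1.1.1x, 3.0.7, 3.0.10, ...
        *)                     echo unknown ;;       # unparseable: check by hand
    esac
}

# Classify every listed binary that exists and answers `version`.
scan_binaries() {
    for bin in "$@"; do
        [ -x "$bin" ] || continue
        out=$("$bin" version 2>/dev/null) || continue
        printf '%s: %s -> %s\n' "$bin" "$out" "$(classify_openssl "$out")"
    done
}

# Sample lines: the first two are quoted in the thread, the third is constructed.
while IFS= read -r line; do
    printf '%-38s %s\n' "$line" "$(classify_openssl "$line")"
done <<'EOF'
OpenSSL 1.1.1o-freebsd  3 May 2022
OpenSSL 1.1.1q 5 Jul 2022
OpenSSL 3.0.5 5 Jul 2022
EOF

# Assumed locations of the two builds; adjust to what exists on your system.
scan_binaries /usr/bin/openssl /usr/local/bin/openssl
```

Services link against a specific library, so the version that matters is the one belonging to the build each service actually uses, not only the first `openssl` on the PATH.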