openssl vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n

Started by RamSense, March 16, 2022, 07:46:13 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 16, 2022, 07:46:13 PM Last Edit: March 16, 2022, 07:47:47 PM by RamSense
Has the opnsense team seen the openssl vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n

https://www.openssl.org/news/vulnerabilities.html#CVE-2022-0778

and the fix: https://github.com/openssl/openssl/commit/3118eb64934499d93db3230748a452351d1d9a65
Deciso DEC850v2
March 16, 2022, 07:58:00 PM #1
...switch to LibreSSL (as long as it's still there) ;-)
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
March 16, 2022, 08:16:54 PM #2
Tomorrow is patch day
March 16, 2022, 09:45:24 PM #3
Quote from: chemlud on March 16, 2022, 07:58:00 PM
...switch to LibreSSL (as long as it's still there) ;-)

LibreSSL ist affected by the same bug.
March 16, 2022, 09:48:50 PM #4
Yep, and due to release timing none of it will be available in 22.1.3 tomorrow.

There is always 22.1.4 next week... isn't there? ;)


Cheers,
Franco
Print
Go Up Pages1
User actions