OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 22.1 Legacy Series »
  • openssl vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n
« previous next »
  • Print
Pages: [1]

Author Topic: openssl vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n  (Read 1783 times)

RamSense

  • Hero Member
  • *****
  • Posts: 594
  • Karma: 10
    • View Profile
openssl vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n
« on: March 16, 2022, 07:46:13 pm »
Has the opnsense team seen the openssl vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n

https://www.openssl.org/news/vulnerabilities.html#CVE-2022-0778

and the fix: https://github.com/openssl/openssl/commit/3118eb64934499d93db3230748a452351d1d9a65
« Last Edit: March 16, 2022, 07:47:47 pm by RamSense »
Logged

chemlud

  • Hero Member
  • *****
  • Posts: 2481
  • Karma: 112
    • View Profile
Re: openssl vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n
« Reply #1 on: March 16, 2022, 07:58:00 pm »
...switch to LibreSSL (as long as it's still there) ;-)
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

mimugmail

  • Hero Member
  • *****
  • Posts: 6766
  • Karma: 494
    • View Profile
Re: openssl vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n
« Reply #2 on: March 16, 2022, 08:16:54 pm »
Tomorrow is patch day
Logged
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/

0xDEADC0DE

  • Newbie
  • *
  • Posts: 49
  • Karma: 1
    • View Profile
Re: openssl vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n
« Reply #3 on: March 16, 2022, 09:45:24 pm »
Quote from: chemlud on March 16, 2022, 07:58:00 pm
...switch to LibreSSL (as long as it's still there) ;-)

LibreSSL ist affected by the same bug.
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 17657
  • Karma: 1611
    • View Profile
Re: openssl vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n
« Reply #4 on: March 16, 2022, 09:48:50 pm »
Yep, and due to release timing none of it will be available in 22.1.3 tomorrow.

There is always 22.1.4 next week... isn't there? ;)


Cheers,
Franco
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 22.1 Legacy Series »
  • openssl vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2