openssl vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n

Started by RamSense, March 16, 2022, 07:46:13 PM

Previous topic - Next topic
Has the opnsense team seen the openssl vulnerabilities CVE-2022-0778 -> needed version 1.1.1.n

https://www.openssl.org/news/vulnerabilities.html#CVE-2022-0778

and the fix: https://github.com/openssl/openssl/commit/3118eb64934499d93db3230748a452351d1d9a65
Deciso DEC850v2

...switch to LibreSSL (as long as it's still there) ;-)
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....


Quote from: chemlud on March 16, 2022, 07:58:00 PM
...switch to LibreSSL (as long as it's still there) ;-)

LibreSSL ist affected by the same bug.

Yep, and due to release timing none of it will be available in 22.1.3 tomorrow.

There is always 22.1.4 next week... isn't there? ;)


Cheers,
Franco