Re: CVE-2022-3602 and CVE-2022-3786 Critical OpenSSL 3.0.x security vulnerabilities

In general, unless you've built and installed your own build of OpenSSL,
you need to refer to the vendor of your operating system for patches.

In particular, the openssl packages in CentOS 7.9 are not affected, given
that they are version 1.0.2 and not version 3.0.x.

Tomas Mraz, OpenSSL

On Wed, 2022-11-02 at 17:48 +1100, Turritopsis Dohrnii Teo En Ming
wrote:
> Subject: CVE-2022-3602 and CVE-2022-3786 Critical OpenSSL 3.0.x
> security vulnerabilities
> 
> Good day from Singapore,
> 
> I refer to the following posts.
> 
> [1] OpenSSL Gives Heads Up to Critical Vulnerability Disclosure,
> Check Point Alerts Organizations to Prepare Now
> Link:
> https://blog.checkpoint.com/2022/10/30/openssl-gives-heads-up-to-critical-vulnerability-disclosure-check-point-alerts-organizations-to-prepare-now/
> 
> [2] 2022 OpenSSL vulnerability - CVE-2022-3602 - Spooky SSL
> Link: https://github.com/NCSC-NL/OpenSSL-2022
> 
> [3] VMware Response to CVE-2022-3602 and CVE-2022-3786:
> vulnerabilities in OpenSSL 3.0.x
> Link:
> https://blogs.vmware.com/security/2022/11/vmware-response-to-cve-2022-3602-and-cve-2022-3786-vulnerabilities-in-openssl-3-0-x.html
> 
> I have 2 internet-facing CentOS 7.9 Linux servers in Europe.
> 
> Are the patches available already? How do I patch OpenSSL on my
> CentOS 7.9 Linux servers?
> 
> Thank you.
> 
> Regards,
> 
> Mr. Turritopsis Dohrnii Teo En Ming
> Targeted Individual in Singapore
> Blogs:
> https://tdtemcerts.blogspot.com
> https://tdtemcerts.wordpress.com

-- 
Tomáš Mráz, OpenSSL




