High-Severity OpenSSL Security Advisory Released
OpenSSL has released a security advisory in regard to recently discovered vulnerabilities, "including a high-severity address type confusion bug that could be exploited by attackers to read memory contents or enact a denial of service (DoS)," reports Brittany Day.
According to the advisory, OpenSSL versions 3.0, 1.1.1, and 1.0.2 are vulnerable to this issue, and the following actions are needed:
- OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8.
- OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t.
- OpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers only).
OpenSSL is "widely used by Internet servers, including the majority of HTTPS websites, making it critical that users are aware of the recent OpenSSL flaws that have been discovered," Day notes.
Read more at LinuxSecurity.
02/15/2023
Related content
- Emergency Fix for OpenSSL
- OpenSSL 3.0.7 Patches Serious Vulnerabilities
- Google Forks OpenSSL
- Curl v8.4.0 Addresses High-Severity Issue
-
Security after Heartbleed – OpenSSL and its alternatives
The Heartbleed bug shocked the security community and seriously damaged the reputation of OpenSSL. Luckily, alternatives such as LibreSSL, PolarSSL, and GnuTLS are waiting in the wings.