High-Severity OpenSSL Security Advisory Released
OpenSSL has released a security advisory in regard to recently discovered vulnerabilities, "including a high-severity address type confusion bug that could be exploited by attackers to read memory contents or enact a denial of service (DoS)," reports Brittany Day.
According to the advisory, OpenSSL versions 3.0, 1.1.1, and 1.0.2 are vulnerable to this issue, and the following actions are needed:
- OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8.
- OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t.
- OpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers only).
OpenSSL is "widely used by Internet servers, including the majority of HTTPS websites, making it critical that users are aware of the recent OpenSSL flaws that have been discovered," Day notes.
Read more at LinuxSecurity.
02/15/2023