OpenSSL 3.0.7 Patches Serious Vulnerabilities

Users of affected versions of OpenSSL are encouraged to update as soon as possible.

OpenSSL has issued an advisory relating to two vulnerabilities (CVE-2022-3602 and CVE-2022-3786), which affect OpenSSL versions 3.0.0 through 3.0.6. These vulnerabilities have been addressed with the release of OpenSSL 3.0.7, so users should update now.

“Users of OpenSSL 3.0.0–3.0.6 are encouraged to upgrade to 3.0.7 as soon as possible. If you obtain your copy of OpenSSL from your operating system vendor or other third party then you should seek to obtain an updated version from them as soon as possible,” the OpenSSL team says.

In a previous announcement, these vulnerabilities were described as “critical” — possibly leading to remote code execution. However, the OpenSSL project team has since downgraded the threats to “high,” saying they “are not aware of any working exploit that could lead to remote code execution” and have no evidence of the vulnerabilities being exploited at this time.

11/03/2022
