CVE-2022-3602 and CVE-2022-3786 Critical OpenSSL 3.0.x security vulnerabilities

Turritopsis Dohrnii Teo En Ming tdtemccnp at gmail.com
Wed Nov 2 13:53:50 UTC 2022


On Wed, 2 Nov 2022 at 18:40, Jochen Bern <Jochen.Bern at binect.de> wrote:

> On 02.11.22 07:48, Turritopsis Dohrnii Teo En Ming wrote:
> > I have 2 internet-facing CentOS 7.9 Linux servers in Europe.
> > Are the patches available already? How do I patch OpenSSL on my CentOS 7.9
> > Linux servers?
>
> CentOS 7 does not come with 3.0 versions of OpenSSL. (Not even available
> from oft-used repos like EPEL, if I understand correctly, unlike with
> CentOS 8.)
>
> https://github.com/NCSC-NL/OpenSSL-2022/blob/main/software/README.md
>
> https://pkgs.org/search/?q=openssl
>
> If you installed it some other way, that "other way" would define how to
> install updates ... or cleanly uninstall it so as to install a current
> version from a different source.
>
> Kind regards,
> --
> Jochen Bern
> Systemingenieur
>
> Binect GmbH
>

I have just checked my internet-facing CentOS 7.9 Linux server in Europe.

[root@ns1 ~]# rpm -qa | grep openssl
openssl-libs-1.0.2k-25.el7_9.x86_64
openssl-1.0.2k-25.el7_9.x86_64
openssl-devel-1.0.2k-25.el7_9.x86_64

I don't have OpenSSL 3.0.x installed. I am not affected by the said
security vulnerabilities.

Hooray!

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
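
Added example, not part of the original message: a POSIX shell version of the check above that sorts `rpm -qa` output by upstream OpenSSL version, using the upstream affected range 3.0.0 to 3.0.6 (fixed in 3.0.7). The subpackage name list and the `.example` package lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): classify OpenSSL RPM names against the
# upstream range affected by CVE-2022-3602 / CVE-2022-3786 (3.0.0 to 3.0.6).

# classify_openssl_pkg NAME-VERSION-RELEASE.ARCH
# Prints one of: not-affected | affected-range | fixed | unknown
classify_openssl_pkg() {
    # Accept only OpenSSL's own packages (assumed subpackage names) and
    # extract the upstream "major.minor.patch", dropping a letter suffix
    # such as the "k" in 1.0.2k.
    ver=$(printf '%s\n' "$1" | sed -n -E \
        's/^openssl[0-9]*(-(libs|devel|static|perl))?-([0-9]+\.[0-9]+\.[0-9]+)[a-z]*-.*$/\3/p')
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$major" -lt 3 ]; then
        echo not-affected          # the affected code exists only in 3.0.x
    elif [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] && [ "$patch" -le 6 ]; then
        echo affected-range        # 3.0.0 to 3.0.6 upstream
    else
        echo fixed                 # 3.0.7 and later
    fi
}

# scan_packages: read package names on stdin, print "<status><TAB><package>"
# for every OpenSSL package found. Real use: rpm -qa | scan_packages
scan_packages() {
    while IFS= read -r pkg; do
        st=$(classify_openssl_pkg "$pkg")
        if [ "$st" != unknown ]; then
            printf '%s\t%s\n' "$st" "$pkg"
        fi
    done
}

# Sample input: the first three lines are the rpm output quoted in the
# message; the remaining lines are constructed for illustration.
scan_packages <<'EOF'
openssl-libs-1.0.2k-25.el7_9.x86_64
openssl-1.0.2k-25.el7_9.x86_64
openssl-devel-1.0.2k-25.el7_9.x86_64
openssl-3.0.5-1.example.x86_64
openssl-libs-3.0.7-1.example.x86_64
openssl-pkcs11-0.4.10-3.example.x86_64
EOF
```

Distribution packages can carry backported fixes under an older upstream version number, so `affected-range` means "check the vendor advisory for that release", and the package database says nothing about OpenSSL copies bundled or statically linked into other software.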