Nessus is labeling the severity as medium

Joslin, Jack Jack.Joslin at gdit.com
Tue Apr 4 13:16:00 UTC 2023 

Hello,

When will OpenSSL 1.1.1u be released?

Tenable indicates the vulnerability severity of 1.1.1t as medium. I found this post indicating that there is no ETA on the release of OpenSSL 1.1.1u and that it may not be released for 3 months.

OpenSSL Security Advisory<https://mta.openssl.org/pipermail/openssl-users/2023-March/016106.html>

>From Nessus/Tenable scan:

Plugin  Plugin Name     Severity        Plugin Output   Solution        Risk Factor     CVE
173260  OpenSSL 1.1.1 < 1.1.1u Multiple Vulnerabilities Medium  Plugin Output:
  Banner           : Apache/2.4.56 (Unix) OpenSSL/1.1.1t mod_perl/2.0.9 Perl/v5.8.8
  Reported version : 1.1.1t
  Fixed version    : 1.1.1u     Upgrade to OpenSSL version 1.1.1u or later.     Medium  CVE-2023-0464, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466

Regards,

Jack Joslin

Business Services Outsourcing Center (BSOC)

General Dynamics, Information Technology

327 Columbia Turnpike, Rensselaer, NY 12144

jack.joslin at gdit.com<mailto:jack.joslin at gdit.com>

m: +1.321.431.5117

Follow us on Facebook<http://www.facebook.com/OfficialCSRA> | Twitter<http://www.twitter.com/csra_inc> | LinkedIn<http://www.linkedin.com/company/csra_inc>

This electronic message transmission contains information from GDIT which may be attorney-client privileged, proprietary or confidential.  The information in this message is intended only for use by the individual(s) to whom it is addressed.  If you believe you have received this message in error, please contact me immediately and be aware that any use, disclosure, copying or distribution of the contents of this message is strictly prohibited. NOTE: Regardless of content, this e-mail shall not operate to bind GDIT to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230404/963eaf55/attachment.htm>

More information about the openssl-users mailing list