Forthcoming OpenSSL Releases

Ing. Martin Koci, MBA mkoci at openssl.org
Fri Jul 1 09:51:58 UTC 2022


Hello,

The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 3.0.5 and 1.1.1q.

These releases will be made available on Tuesday 5th July 2022
between 1300-1700 UTC.

These are a security-fix releases. The highest severity issue
fixed in 3.0.5 release is High, in 1.1.1q release Moderate:

https://www.openssl.org/policies/secpolicy.html

One of the issues fixed in the 3.0.5 release is the CVE-2022-2274 (Bug
in RSA implementation for AVX512IFMA capable CPUs) which is already
public:

https://www.cve.org/CVERecord?id=CVE-2022-2274

A workaround for the issue is to set the environment variable
OPENSSL_ia32cap to disable the AVX512IFMA based implementation:

export OPENSSL_ia32cap=:~0x200000

Yours
The OpenSSL Project Team



More information about the openssl-announce mailing list