Nessus is labeling the severity as medium
Jack.Joslin at gdit.com
Tue Apr 4 13:16:00 UTC 2023
When will OpenSSL 1.1.1u be released?
Tenable indicates the vulnerability severity of 1.1.1t as medium. I found this post indicating that there is no ETA on the release of OpenSSL 1.1.1u and that it may not be released for 3 months.
OpenSSL Security Advisory<https://mta.openssl.org/pipermail/openssl-users/2023-March/016106.html>
>From Nessus/Tenable scan:
Plugin Plugin Name Severity Plugin Output Solution Risk Factor CVE
173260 OpenSSL 1.1.1 < 1.1.1u Multiple Vulnerabilities Medium Plugin Output:
Banner : Apache/2.4.56 (Unix) OpenSSL/1.1.1t mod_perl/2.0.9 Perl/v5.8.8
Reported version : 1.1.1t
Fixed version : 1.1.1u Upgrade to OpenSSL version 1.1.1u or later. Medium CVE-2023-0464, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466
Business Services Outsourcing Center (BSOC)
General Dynamics, Information Technology
327 Columbia Turnpike, Rensselaer, NY 12144
jack.joslin at gdit.com<mailto:jack.joslin at gdit.com>
Follow us on Facebook<http://www.facebook.com/OfficialCSRA> | Twitter<http://www.twitter.com/csra_inc> | LinkedIn<http://www.linkedin.com/company/csra_inc>
This electronic message transmission contains information from GDIT which may be attorney-client privileged, proprietary or confidential. The information in this message is intended only for use by the individual(s) to whom it is addressed. If you believe you have received this message in error, please contact me immediately and be aware that any use, disclosure, copying or distribution of the contents of this message is strictly prohibited. NOTE: Regardless of content, this e-mail shall not operate to bind GDIT to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users