<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, 2 Nov 2022 at 18:38, Tomas Mraz <<a href="mailto:tomas@openssl.org">tomas@openssl.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">In general unless you've built and installed your own build of OpenSSL<br>
you need to refer to the vendor of your operating system for patches.<br>
<br>
In particular the openssl packages in CentOS 7.9 are not affected given<br>
they are 1.0.2 version and not 3.0.x version.<br></blockquote><div><br></div><div>This is good news. I can sleep well.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Tomas Mraz, OpenSSL<br>
<br>
On Wed, 2022-11-02 at 17:48 +1100, Turritopsis Dohrnii Teo En Ming<br>
wrote:<br>
> Subject: CVE-2022-3602 and CVE-2022-3786 Critical OpenSSL 3.0.x<br>
> security vulnerabilities<br>
> <br>
> Good day from Singapore,<br>
> <br>
> I refer to the following posts.<br>
> <br>
> [1] OpenSSL Gives Heads Up to Critical Vulnerability Disclosure,<br>
> Check Point Alerts Organizations to Prepare Now<br>
> Link:<br>
> <a href="https://blog.checkpoint.com/2022/10/30/openssl-gives-heads-up-to-critical-vulnerability-disclosure-check-point-alerts-organizations-to-prepare-now/" rel="noreferrer" target="_blank">https://blog.checkpoint.com/2022/10/30/openssl-gives-heads-up-to-critical-vulnerability-disclosure-check-point-alerts-organizations-to-prepare-now/</a><br>
> <br>
> [2] 2022 OpenSSL vulnerability - CVE-2022-3602 - Spooky SSL<br>
> Link: <a href="https://github.com/NCSC-NL/OpenSSL-2022" rel="noreferrer" target="_blank">https://github.com/NCSC-NL/OpenSSL-2022</a><br>
> <br>
> [3] VMware Response to CVE-2022-3602 and CVE-2022-3786:<br>
> vulnerabilities in OpenSSL 3.0.x<br>
> Link:<br>
> <a href="https://blogs.vmware.com/security/2022/11/vmware-response-to-cve-2022-3602-and-cve-2022-3786-vulnerabilities-in-openssl-3-0-x.html" rel="noreferrer" target="_blank">https://blogs.vmware.com/security/2022/11/vmware-response-to-cve-2022-3602-and-cve-2022-3786-vulnerabilities-in-openssl-3-0-x.html</a><br>
> <br>
> I have 2 internet-facing CentOS 7.9 Linux servers in Europe.<br>
> <br>
> Are the patches available already? How do I patch OpenSSL on my<br>
> CentOS 7.9 Linux servers?<br>
> <br>
> Thank you.<br>
> <br>
> Regards,<br>
> <br>
> Mr. Turritopsis Dohrnii Teo En Ming<br>
> Targeted Individual in Singapore<br>
> Blogs:<br>
> <a href="https://tdtemcerts.blogspot.com" rel="noreferrer" target="_blank">https://tdtemcerts.blogspot.com</a><br>
> <a href="https://tdtemcerts.wordpress.com" rel="noreferrer" target="_blank">https://tdtemcerts.wordpress.com</a><br>
<br>
-- <br>
Tomáš Mráz, OpenSSL<br>
<br>
</blockquote></div></div>