In previous publications (1,2) we reported a vulnerability in OpenSSL. Today the developers of the code library announced a new version that fixes the security hole.

According to the developers, the issues were fixed:
1-11-22 | CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows
1-11-22 | Security Advisory: two high severity fixes
1-11-22 | OpenSSL 3.0.7 is now available, including bug and security fixes
1-11-22 | OpenSSL 1.1.1s is now available, including bug fixes
Version 3.0.7 fixes the vulnerability in the older versions 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5 and 3.0.6.
For those who don't know, OpenSSL is a widely used code library designed to enable secure communication over the internet.
Simply put, every time we browse the web, the website we browse or the online service we access uses OpenSSL at a very basic level.
All of this means you should update immediately. If you are not a system administrator, you do not need to do anything. Just wait until the operating system or software you are using releases an update.
The term "library" means that the code is used as is by many applications and operating systems.
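
For administrators, one way to check whether a reported OpenSSL version falls in the range fixed by 3.0.7 (3.0.0 through 3.0.6). This is an added example, not code from the OpenSSL project or from the original post; the host names, the inventory and the result labels are constructed for illustration.

```python
import re
import ssl

# Range from the text above: 3.0.7 fixes 3.0.0 through 3.0.6.
FIRST_AFFECTED = (3, 0, 0)
FIRST_FIXED = (3, 0, 7)

# Matches the start of `openssl version` output or ssl.OPENSSL_VERSION.
_VERSION_RE = re.compile(r"^(\w+)\s+(\d+)\.(\d+)\.(\d+)")


def classify(version_string):
    """Return 'affected', 'fixed', 'outside-range', 'not-openssl' or 'unknown'."""
    m = _VERSION_RE.match(version_string.strip())
    if not m:
        return "unknown"
    if m.group(1) != "OpenSSL":
        return "not-openssl"  # e.g. LibreSSL uses its own version numbers
    version = tuple(int(part) for part in m.group(2, 3, 4))
    if version < FIRST_AFFECTED:
        # 1.1.1 and 1.0.2 are not affected by CVE-2022-3786 / CVE-2022-3602.
        return "outside-range"
    return "affected" if version < FIRST_FIXED else "fixed"


def needs_update(inventory):
    """Return the hosts whose reported version is in the affected range."""
    return [host for host, reported in inventory if classify(reported) == "affected"]


# Constructed inventory: host names are made up, strings mimic `openssl version`.
SAMPLE_INVENTORY = [
    ("web-01", "OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)"),
    ("web-02", "OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)"),
    ("db-01", "OpenSSL 1.1.1s  1 Nov 2022"),
    ("mail-01", "OpenSSL 3.0.6 11 Oct 2022 (Library: OpenSSL 3.0.6 11 Oct 2022)"),
    ("bsd-01", "LibreSSL 3.3.6"),
]

if __name__ == "__main__":
    for host, reported in SAMPLE_INVENTORY:
        print(f"{host:8} {classify(reported):14} {reported}")
    # The library this Python interpreter itself is linked against.
    print("local   ", classify(ssl.OPENSSL_VERSION), ssl.OPENSSL_VERSION)
```

The `openssl` command only reports the library it is linked against; applications that bundle or statically link their own copy of OpenSSL have to be checked separately.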
