A patch for the high-profile OpenSSL 3 vulnerability has been released, and the vulnerability, which was previously considered equivalent to Heartbleed, has been downgraded from “critical” to “high”. The latest release, OpenSSL 3.0.7, fixes two buffer overflow vulnerabilities, CVE-2022-37786 and CVE-2022-3602, that affect all versions in the OpenSSL 3.x series but are unlikely to lead to remote code execution. Releases of Linux distributions, including Fedora, were delayed because of the flaw. Among OpenSSL versions, OpenSSL 1.1.1 is still in long-term support, and OpenSSL 3.x is not as widely used.
This article is reprinted from: https://www.solidot.org/story?sid=73236