OpenSSL Warns of Critical Security Issue

The OpenSSL Project Team has announced that the November 1st update to OpenSSL 3.0.7 is a security-fix release. “The highest severity issue fixed in this release is CRITICAL,” the notice states

That means “come Nov. 1, everyone — and I mean everyone — will need to patch OpenSSL 3.x,” says Steven J. Vaughan-Nichols.

If you're a Linux user, he notes, you can see which version you’re using by running the following shell command: 

# openssl version

“If you're using anything with OpenSSL 3.x in — anything — get ready to patch on Tuesday. This is likely to be a bad security hole, and exploits will soon follow,” Vaughan-Nichols says.

Read more at ZDNet and see the updated advisory for the latest details.

Comments