That Tweet:
OpenSSL 3.0.7 update to fix Critical CVE out next Tuesday 1300-1700UTC. Does not affect versions before 3.0.
From: Mark j Cox (@iamamoose)
Command line check: $ openssl version
OpenSSL 3.0.0 to 3.0.6 are vulnerable.
- OpenSSL Project Site
- CVE Details for OpenSSL
- Linux Distro OpenSSL versions from SANS
- Vincent’s list of OpenSSL 3 software
- Docker Security Advisory
Miscellaneous background reading - OpenSSL (Wikipedia)
- Blog: The experience of bringing OpenSSL 3.0 into RHEL and Fedora
- Ubuntu 22.04 transition plan for OpenSSL 3
- Fedora 37 postponed
- Twitter #OpenSSL
Last Critical Vulnerability in OpenSSL: Heartbleed (Wikipedia)
The competition (some of) LibreSSL
