NetTalk Central
Toggle navigation
Login
Register
×
Welcome,Guest
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
NetTalk Central
»
News and Announcements
»
News And Views
(Moderator:
Bruce
) »
OpenSSL 3.0.0 vulnerability
« previous
next »
Print
Pages: [
1
]
Author
Topic: OpenSSL 3.0.0 vulnerability (Read 5062 times)
Bruce
Global Moderator
Hero Member
Posts: 11250
OpenSSL 3.0.0 vulnerability
«
on:
November 01, 2022, 09:13:34 PM »
There's a fair amount of chatter going on about two OpenSSL vulnerabilities;
https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
https://www.bleepingcomputer.com/news/security/openssl-fixes-two-high-severity-vulnerabilities-what-you-need-to-know/
https://news.ycombinator.com/item?id=33422837
I'm posting this to let you know that NetTalk apps are not affected. We are currently on OpenSSL build 1.1.1.14, which predates these issues (which are version 3.0.0 specific.)
For non-NetTalk sites you also shouldn't panic - as per the second link above, only about 1.5% of OpenSSL deployments are on 3.x - 65% are like us on 1.1.1 and just over 30% are on an older version.
Incidentally the bugs have also been down-rated from Critical to High as the conditions under which they could be exploited are extremely narrow (and also wouldn't affect a typical NetTalk server.)
Cheers
Bruce
Logged
Print
Pages: [
1
]
« previous
next »
NetTalk Central
»
News and Announcements
»
News And Views
(Moderator:
Bruce
) »
OpenSSL 3.0.0 vulnerability