VOOZH

URL: https://www.phoronix.com/news/OpenSSL-1-November-2022

⇱ OpenSSL Outlines Two High Severity Vulnerabilities - Phoronix

👁 Phoronix

Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

OpenSSL Outlines Two High Severity Vulnerabilities

Written by Michael Larabel in Linux Security on 1 November 2022 at 12:17 PM EDT. 17 Comments

👁 LINUX SECURITY

Two high severity security vulnerabilities affecting OpenSSL were made public today, which were the issues that led to Fedora 37 being delayed to mid-November to allow the release images have mitigated OpenSSL packages.

The OpenSSL vulnerabilities made public today are an X.509 email address 4-byte buffer overflow (CVE-2022-3602) and an X.509 email address variable length buffer overflow (CVE-2022-3786).

Both vulnerabilities pertain to buffer overruns within the X.509 certificate verification. CVE-2022-3602 is the vulnerability originally deemed "critical" and what led to the delayed Fedora 37 and the like. However, on further analysis they decided to downgrade it to "high" severity.

OpenSSL 3.0.x prior to OpenSSL 3.0.7 are affected by these vulnerabilities but not the older OpenSSL 1.x releases.

More details on these OpenSSL security vulnerabilities via OpenSSL.org. OpenSSL 3.0.7 is available with the fixes.

17 Comments

ML-KEM + X-Wing Patches Posted For Linux To Help With Post-Quantum Security

Linux AF_ALG Crypto Code Removing Zero-Copy Support Out Of Security Concerns

Dirty Frag Vulnerability Made Public Early: Root Privilege On All Distributions

Linux Out-Of-Bounds Access Fixed For Unprivileged Users With Specially Crafted Certs

AppArmor Enhancements Merged For Linux 7.0

Linux 7.0 Lands ML-DSA Quantum-Resistant Signature Support

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Arch Linux Now Believes Malware Incident Under Control: More Than 1,500 Affected Packages

ReactOS "Open-Source Windows" Reaches The Milestone Of Being Able To Run Half-Life

Arch Linux's AUR Sees More Than 400 Packages Compromised With Malware

Arch Linux AUR Hit By Another Wave Of Now More Sophisticated Malware Attack

Russian Spam & Profanities Are Now Plaguing The Arch Linux AUR

YSERVER: Modern X11 Server Written In Rust With The Help Of Claude Code

AMD Opens Pre-Orders For The Linux-Friendly Ryzen AI Halo Developer Platform

Linux 7.1 Released: New NTFS Driver, Intel FRED For Panther Lake, Faster Arc Graphics

Support Phoronix
While Having Ad-Free Browsing,
Single-Page Article Viewing

Legal Disclaimer, Privacy Policy, Cookies | | Contact
Copyright © 2004 - 2026 by Phoronix Media.
All trademarks used are properties of their respective owners. All rights reserved.