/ Register

Join the community today
Register Now

OpenSSL OpenSSL 3.0.0 released

Discussion in 'CentOS, Redhat & Oracle Linux News' started by buik, Sep 8, 2021.

Tags:
Previous Thread Next Thread
Loading...
Page 2 of 2
  1. Oct 26, 2022 #21
    eva2000

    eva2000 Administrator Staff Member

    50,891
    11,791
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,246
    Local Time:
    3:36 AM
    Nginx 1.25.x
    MariaDB 10.x
    OpenSSL 3.0.6 and below have a critical security vulnerability with fix in OpenSSL 3.0.7 https://twitter.com/prdonahue/status/1584945487727263753

    and https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html

    CentOS 7 uses OpenSSL 1.0.2k and CentOS 7 Centmin Mod Nginx uses OpenSSL 1.1.1 so not impacted unless you optionally enable and use OpenSSL 3.0 yourself.

    AlmaLinux 8/Rocky Linux 8 use OpenSSL 1.1.1 for system and for Centmin Mod Nginx OpenSSL. However, AlmaLinux 9/Rocky Linux 9 use OpenSSL 3.0 for system and for Centmin Mod Nginx OpenSSL 1.1.1. Both EL8/EL9 OSes are not publicly supported in Centmin Mod as yet. But private beta testing of EL8 OS for Centmin Mod is underway.
     
  2. Oct 26, 2022 #22
    buik

    buik “The best traveler is one without a camera.”

    1,914
    498
    83
    Apr 29, 2016
    Flanders
    Ratings:
    +1,603
    Local Time:
    6:36 PM
    Who cares?:) Red Hat Enterprise Linux 9, forks and Ubuntu 22.04 LTS are the only enterprise server OS's that are on OpenSSL 3. And so new that it seems unlikely to me that many are affected by this CVE. After all, there's no reason to deploy this new software, so soon at a serious company of size. On production of course.
     
    Last edited: Oct 26, 2022
  3. Oct 26, 2022 #23
    eva2000

    eva2000 Administrator Staff Member

    50,891
    11,791
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,246
    Local Time:
    3:36 AM
    Nginx 1.25.x
    MariaDB 10.x
    A
    Agreed, though so do live on the edge and use EL9 heh. Just getting the word out anyway :D
     
  4. Oct 30, 2022 #24
    eva2000

    eva2000 Administrator Staff Member

    50,891
    11,791
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,246
    Local Time:
    3:36 AM
    Nginx 1.25.x
    MariaDB 10.x
  5. Oct 30, 2022 #25
    eva2000

    eva2000 Administrator Staff Member

    50,891
    11,791
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,246
    Local Time:
    3:36 AM
    Nginx 1.25.x
    MariaDB 10.x
  6. Nov 2, 2022 #26
    buik

    buik “The best traveler is one without a camera.”

    1,914
    498
    83
    Apr 29, 2016
    Flanders
    Ratings:
    +1,603
    Local Time:
    6:36 PM
    OpenSSL 3.0.7 released with critical CVE, downgraded to high.
     
  7. Nov 17, 2022 #27
    Revenge

    Revenge Active Member

    469
    93
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +354
    Local Time:
    5:36 PM
    1.9.x
    10.1.x
    Is it worth it already to change to openssl 3.0 in nginx?
     
  8. Nov 17, 2022 #28
    eva2000

    eva2000 Administrator Staff Member

    50,891
    11,791
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,246
    Local Time:
    3:36 AM
    Nginx 1.25.x
    MariaDB 10.x
Previous Thread Next Thread
Loading...
Page 2 of 2

.