
OpenSSL 3.0.0 released

Discussion in 'CentOS, Redhat & Oracle Linux News' started by buik, Sep 8, 2021.

  1. eva2000

    eva2000 Administrator Staff Member

    55,158
    12,249
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,825
    Local Time:
    2:56 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    OpenSSL 3.0.6 and below have a critical security vulnerability with fix in OpenSSL 3.0.7 https://twitter.com/prdonahue/status/1584945487727263753

    and https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html


    CentOS 7 uses OpenSSL 1.0.2k and CentOS 7 Centmin Mod Nginx uses OpenSSL 1.1.1 so not impacted unless you optionally enable and use OpenSSL 3.0 yourself.

    AlmaLinux 8/Rocky Linux 8 use OpenSSL 1.1.1 for system and for Centmin Mod Nginx OpenSSL. However, AlmaLinux 9/Rocky Linux 9 use OpenSSL 3.0 for system and for Centmin Mod Nginx OpenSSL 1.1.1. Both EL8/EL9 OSes are not publicly supported in Centmin Mod as yet. But private beta testing of EL8 OS for Centmin Mod is underway.
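
A version check along the lines of the post above, as an added example that is not part of the original thread or of Centmin Mod. It classifies a banner from `openssl version` or from the OpenSSL line of `nginx -V` against the range the post names (3.0.6 and below affected, fixed in 3.0.7). The function name `classify_openssl` and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage OpenSSL banners against the range named in the thread
# (OpenSSL 3.0.6 and below affected, fix in 3.0.7).
# Assumption: the upstream version number is meaningful. Distro packages can
# backport fixes without bumping it, so read "affected" as "check the vendor
# advisory for this package build".

# classify_openssl "<banner text>" -> prints affected | not-affected | unknown
classify_openssl() {
    # Take the LAST "OpenSSL X.Y.Z" on a line: for
    # "built with OpenSSL A (running with OpenSSL B)" that is B, the library
    # actually loaded, which is the one that matters.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSL \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1)
    [ -n "$ver" ] || { echo unknown; return; }

    # Split X.Y.Z into positional parameters (local to this function).
    old_ifs=$IFS; IFS=.; set -- $ver; IFS=$old_ifs

    if [ "$1" -eq 3 ] && [ "$2" -eq 0 ] && [ "$3" -le 6 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Constructed sample banners (not captured from real hosts), covering the
# system-vs-Nginx split the post describes.
while IFS= read -r banner; do
    printf '%-13s %s\n' "$(classify_openssl "$banner")" "$banner"
done <<'EOF'
OpenSSL 1.0.2k-fips  26 Jan 2017
built with OpenSSL 1.1.1k  FIPS 25 Mar 2021
OpenSSL 3.0.1 14 Dec 2021 (Library: OpenSSL 3.0.1 14 Dec 2021)
built with OpenSSL 1.1.1k  FIPS 25 Mar 2021 (running with OpenSSL 3.0.6 11 Oct 2022)
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
EOF
```

On a live host, pass `"$(openssl version)"` for the system library and `"$(nginx -V 2>&1 | grep 'OpenSSL ')"` for the one Nginx uses; `nginx -V` writes to stderr.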
     
  2. buik

    buik “The best traveler is one without a camera.”

    2,031
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,676
    Local Time:
    6:56 PM
    Who cares? :) Red Hat Enterprise Linux 9, forks and Ubuntu 22.04 LTS are the only enterprise server OSes that are on OpenSSL 3. And so new that it seems unlikely to me that many are affected by this CVE. After all, there's no reason to deploy this new software so soon at a serious company of size. On production of course.
     
    Last edited: Oct 26, 2022
  3. eva2000

    Agreed, though some do live on the edge and use EL9 heh. Just getting the word out anyway :D
     
  6. buik

    OpenSSL 3.0.7 released with critical CVE, downgraded to high.
     
  7. Revenge

    Revenge Active Member

    469
    93
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +354
    Local Time:
    5:56 PM
    1.9.x
    10.1.x
    Is it worth it already to change to openssl 3.0 in nginx?
     